General
Target: 3aa0531284135dbe4701da8c686386851f9d9eafc1602180f9ce95f1333b773e
Size: 611KB
Sample: 220625-c31daaaheq
MD5: 80f092f47420fcb57f3b96ce5ebce321
SHA1: 08ee68f169df94a1abf12eabb4522f722b32a6e1
SHA256: 3aa0531284135dbe4701da8c686386851f9d9eafc1602180f9ce95f1333b773e
SHA512: 52db70aa7dddf923427fbbcf2c0afab9082b4811433e4ea9ad2b98fffdea70a247211f8447516b1bf9a25a9721818dae31c5b9deaf9088f82aa1faf415c0fe66
Static task: static1
Behavioral task: behavioral1
Sample: 3aa0531284135dbe4701da8c686386851f9d9eafc1602180f9ce95f1333b773e
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
ppp.gggatat456.com:53
ppp.xxxatat456.com:53
p5.dddgata789.com:53
p5.lpjulidny7.com:53
Score: 10/10
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Writes file to user bin folder
- Reads runtime system information
  Reads data from the /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.