General

  • Target

    696bad26159da671a74a879c34188dcae0edcd6726f8314c5bde240765235dd8

  • Size

    611KB

  • Sample

    220625-exr6tsdhcl

  • MD5

    232e172f7a005dd12d4aad55e0c4a331

  • SHA1

    9425435b359cd7ee6138564c687709e9d244f065

  • SHA256

    696bad26159da671a74a879c34188dcae0edcd6726f8314c5bde240765235dd8

  • SHA512

    f42110ba007957a6256c9a74e0d6e57dd8a3918823a803dbac583155438a60072c54f79ad052ff24da27ff649c04ead6e9962c32710bcf8eb072e8e0050c769f

Malware Config

Extracted

Family

xorddos

C2

um.com:443

cdn.netflix2cdn.com:443

cdn.finance1num.com:443

Targets

    Score
    9/10
    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks