General

  • Target: edaca7753735c2306a34fd55f5064777b0d0d5569042c453e7344013224d72d0

  • Size: 611KB

  • Sample: 220625-fnsaxafbem

  • MD5: 2004f9f08f281f8d4ea7c913573dd6cc

  • SHA1: 50203908a2e3a384375e459dd5888e2b44c83ee8

  • SHA256: edaca7753735c2306a34fd55f5064777b0d0d5569042c453e7344013224d72d0

  • SHA512: 0cd47747cbc895919d15597ab6b25900fb0ffdbb04cc6c4dfc53152b575aa190508cacc694ee0cade4dff797017803ae6a40ea5d867cc0e2551527549d5d2bbd

Malware Config

Extracted

Family

xorddos

C2

num.com:3308

cdn.netflix2cdn.com:3308

cdn.finance1num.com:3308

Targets

    • Target: edaca7753735c2306a34fd55f5064777b0d0d5569042c453e7344013224d72d0

    • Size: 611KB

    • MD5: 2004f9f08f281f8d4ea7c913573dd6cc

    • SHA1: 50203908a2e3a384375e459dd5888e2b44c83ee8

    • SHA256: edaca7753735c2306a34fd55f5064777b0d0d5569042c453e7344013224d72d0

    • SHA512: 0cd47747cbc895919d15597ab6b25900fb0ffdbb04cc6c4dfc53152b575aa190508cacc694ee0cade4dff797017803ae6a40ea5d867cc0e2551527549d5d2bbd

    Score: 9/10
    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks