General
-
Target
6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f
-
Size
647KB
-
Sample
220625-h8wj6sdcf5
-
MD5
0b3456561b7942aa67403cddc1fad2bd
-
SHA1
6f68e8fc61f62196fdae16d51951e396773bdcac
-
SHA256
6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f
-
SHA512
59b5b9d57315da0aecfec8a8483d253a284d2259990439520cd1ed1c23fa26ecfe531fff2d97c0dd2284a48b9212fdd9c3a9bdac60603c8df695a09c84332b7d
Static task
static1
Behavioral task
behavioral1
Sample
6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
23.234.52.54:5009
zxchk.xicp.net:5009
Targets
Target
6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f
Score
7/10
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Unexpected DNS network traffic destination
Network traffic on the DNS port was detected to servers other than the configured DNS servers.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-