General

  • Target

    6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f

  • Size

    647KB

  • Sample

    220625-h8wj6sdcf5

  • MD5

    0b3456561b7942aa67403cddc1fad2bd

  • SHA1

    6f68e8fc61f62196fdae16d51951e396773bdcac

  • SHA256

    6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f

  • SHA512

    59b5b9d57315da0aecfec8a8483d253a284d2259990439520cd1ed1c23fa26ecfe531fff2d97c0dd2284a48b9212fdd9c3a9bdac60603c8df695a09c84332b7d

Malware Config

Extracted

Family

xorddos

C2

23.234.52.54:5009

zxchk.xicp.net:5009

Targets

    • Target

      6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f

    • Size

      647KB

    • MD5

      0b3456561b7942aa67403cddc1fad2bd

    • SHA1

      6f68e8fc61f62196fdae16d51951e396773bdcac

    • SHA256

      6b1ae552c0890ea478ee255346d2e172d3eeefbafb2191a12c54b81b6457297f

    • SHA512

      59b5b9d57315da0aecfec8a8483d253a284d2259990439520cd1ed1c23fa26ecfe531fff2d97c0dd2284a48b9212fdd9c3a9bdac60603c8df695a09c84332b7d

    Score
    7/10
    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks