General

  • Target

    fcd07d256369be4cc212f091d0da2968773d76bd0cea166d3f843c1513d15a79

  • Size

    546KB

  • Sample

    220625-mbyeqagcdn

  • MD5

    0c8602762a0f09ab3504f9e600c56fcc

  • SHA1

    d3c4ad0e005a5f62c59cf022cae1757564c7b387

  • SHA256

    fcd07d256369be4cc212f091d0da2968773d76bd0cea166d3f843c1513d15a79

  • SHA512

    2de59573ef1bad7468a9f3012649219de49d0ec52b75cf3aba64dfe3757eca9f37c6695af14a97c53852ffdbb8d3bdacc89610d4dd5a5d20725cef1642358610

Malware Config

Extracted

Family

xorddos

C2

topbannersun.com:6622

wowapplecar.com:6622

Targets

    • Target

      fcd07d256369be4cc212f091d0da2968773d76bd0cea166d3f843c1513d15a79

    • Size

      546KB

    • MD5

      0c8602762a0f09ab3504f9e600c56fcc

    • SHA1

      d3c4ad0e005a5f62c59cf022cae1757564c7b387

    • SHA256

      fcd07d256369be4cc212f091d0da2968773d76bd0cea166d3f843c1513d15a79

    • SHA512

      2de59573ef1bad7468a9f3012649219de49d0ec52b75cf3aba64dfe3757eca9f37c6695af14a97c53852ffdbb8d3bdacc89610d4dd5a5d20725cef1642358610

    Score
    10/10
    • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    • Writes file to system bin folder

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
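The signatures above (files written to a system bin folder and to /tmp, an rc script modified for persistence, a check-in to the configured C2) are what a responder would sweep a host for. The script below is an added example and not part of the sandbox report: it takes only the hashes, the two C2 hostnames and the port 6622 from this page; the sweep directories, the rc script paths, the `ss -tnp` line layout it parses and the sample inputs in the `__main__` block are assumptions labelled as such in the code.

```python
"""Host-side IOC sweep for this report's indicators: file hashes, rc-script
persistence and C2 endpoints. Added example, not the sandbox's own code.
Only the hashes, C2 hostnames and port come from the report; everything
else (directories, rc paths, sample inputs) is an assumption."""
import hashlib
import os
import re

# Indicators copied from the report above.
IOC_SHA256 = {"fcd07d256369be4cc212f091d0da2968773d76bd0cea166d3f843c1513d15a79"}
IOC_MD5 = {"0c8602762a0f09ab3504f9e600c56fcc"}
C2_HOSTS = {"topbannersun.com", "wowapplecar.com"}
C2_PORT = 6622

# Assumed sweep locations, matching the "system bin folder" and "/tmp" signatures.
SWEEP_DIRS = ["/usr/bin", "/bin", "/tmp"]
RC_SCRIPTS = ["/etc/rc.local", "/etc/rc.d/rc.local"]  # assumed rc script paths


def hash_file(path):
    """Return (md5, sha256) of a file, streamed so large binaries are fine."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def scan_dirs(dirs, md5_set=IOC_MD5, sha256_set=IOC_SHA256):
    """Return regular files (top level of each dir) whose MD5 or SHA256 is an IOC."""
    hits = []
    for d in dirs:
        if not os.path.isdir(d):
            continue
        for name in sorted(os.listdir(d)):
            path = os.path.join(d, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                md5, sha256 = hash_file(path)
            except OSError:
                continue  # unreadable file: skip rather than abort the sweep
            if md5 in md5_set or sha256 in sha256_set:
                hits.append(path)
    return hits


def find_rc_persistence(rc_text, flagged_paths=()):
    """Return (line_no, line) for rc-script lines that launch something from /tmp
    or reference a path the hash sweep already flagged; comments are ignored."""
    suspicious = []
    for no, line in enumerate(rc_text.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        if re.search(r"(^|[\s;&|])/tmp/\S+", stripped) or any(
            p in stripped for p in flagged_paths
        ):
            suspicious.append((no, stripped))
    return suspicious


# Assumed layout of `ss -tnp` rows: State Recv-Q Send-Q Local Peer [Process].
SS_LINE = re.compile(r"^(\S+)\s+\d+\s+\d+\s+(\S+)\s+(\S+)(?:\s+(.*))?$")


def find_c2_connections(ss_lines, c2_port=C2_PORT):
    """Return dicts for sockets whose peer port is the report's C2 port."""
    hits = []
    for line in ss_lines:
        m = SS_LINE.match(line.strip())
        if not m:
            continue  # header line or unparseable row
        state, _local, peer, proc = m.groups()
        _host, _, port = peer.rpartition(":")
        if port.isdigit() and int(port) == c2_port:
            hits.append({"state": state, "peer": peer, "process": proc or ""})
    return hits


def find_c2_names(text_lines, hosts=C2_HOSTS):
    """Return lines (e.g. /etc/hosts or a resolver log) naming a C2 host."""
    lowered = {h.lower() for h in hosts}
    return [l for l in text_lines if any(h in l.lower() for h in lowered)]


if __name__ == "__main__":
    # Constructed sample inputs so the script runs offline; real use reads the
    # live rc scripts and `ss -tnp` output instead. File/IP names are made up.
    rc_sample = "#!/bin/sh\n/tmp/.xhost7 &\nexit 0\n"
    ss_sample = ['ESTAB 0 0 10.0.0.5:43210 203.0.113.7:6622 users:(("sh",pid=4242,fd=3))']
    print("rc persistence:", find_rc_persistence(rc_sample))
    print("c2 sockets:", find_c2_connections(ss_sample))
    print("hash hits:", scan_dirs(SWEEP_DIRS))
```

Hash matching only catches this exact build, so the rc-script and port checks are the durable part of the sweep; feed `find_rc_persistence` the paths returned by `scan_dirs` so a flagged binary referenced from rc.local is reported even when it no longer lives in /tmp.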

MITRE ATT&CK Enterprise v6

Tasks