General
Target: aafb7c71f2fff23af7cfb7b20d78b6ba278a2aaa3b482516f9c95e4973fa6fa2
Size: 535KB
Sample: 220625-zd9xrabbgr
MD5: 3843a9abd985fbc02f5f893070e4f09d
SHA1: 2ec63298b82e20e934efe47fb468fe3eb7c34879
SHA256: aafb7c71f2fff23af7cfb7b20d78b6ba278a2aaa3b482516f9c95e4973fa6fa2
SHA512: cada58c54e1501405b0439146839c8a524130c1a209232433579aa21e9bb4a4fb2f5f74bfe9dcfe6f95b97c1d85d929023be851316b5be656fc6fef2c4ec0cd9
Static task: static1
Behavioral task: behavioral1
Sample: aafb7c71f2fff23af7cfb7b20d78b6ba278a2aaa3b482516f9c95e4973fa6fa2
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Extracted: xorddos
tat456.com:1523
ppp.gggatat456.com:1523
ppp.xxxatat456.com:1523
www1.gggatat456.com:1523
Targets
Target: aafb7c71f2fff23af7cfb7b20d78b6ba278a2aaa3b482516f9c95e4973fa6fa2
Score: 10/10
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
Writes file to system bin folder
Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Writes file to user bin folder
Reads runtime system information
  Reads data from /proc virtual filesystem.
Writes file to tmp directory
  Malware often drops required files in the /tmp directory.