General
Target: 35bc8d41eb573e8553bb7be33ab0b2ca1ce3b87842e8f6e8f383e6f13b57d9e5
Size: 611KB
Sample: 220626-2757rsgbg5
MD5: 9bd509238c2e3e4801daba9ca2860a4d
SHA1: e95528ee6285d128d560966b18f069537a97154c
SHA256: 35bc8d41eb573e8553bb7be33ab0b2ca1ce3b87842e8f6e8f383e6f13b57d9e5
SHA512: fbf287f9c9f695ad9eb6c1327be73ef9b4bd39a8eac22a84dea23f17878287847b9173e8e5cb219d6ae9b8efebf19e9425bcd9bbfd688c7716900cfb416a78f0
Static task: static1
Behavioral task: behavioral1
Sample: 35bc8d41eb573e8553bb7be33ab0b2ca1ce3b87842e8f6e8f383e6f13b57d9e5
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
.com:3309
ww.myserv012.com:3309
ww.search2c.com:3309
Targets
Target
35bc8d41eb573e8553bb7be33ab0b2ca1ce3b87842e8f6e8f383e6f13b57d9e5
Score 10/10
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-