General
Target: 364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12
Size: 611KB
Sample: 220626-dhcxxseebp
MD5: 7775b18dfecc3e23bf7d42aec205c7e2
SHA1: 0af3cee9f8735f8c2cec7e6a0bc569325ada12ac
SHA256: 364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12
SHA512: 4fa40121766ca6696728f3b836a5242cd3e429d96ea33eae74e0c41ef0a42362a83df8a43563487069de67657cca5883260e299f06894b9160261ff1cdce2e43
Static task: static1
Behavioral task: behavioral1
Sample: 364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Extracted
xorddos
ppp.gggatat456.com:443
ppp.xxxatat456.com:443
p5.dddgata789.com:443
p5.lpjulidny7.com:443
Targets
Target: 364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12
Size: 611KB
MD5: 7775b18dfecc3e23bf7d42aec205c7e2
SHA1: 0af3cee9f8735f8c2cec7e6a0bc569325ada12ac
SHA256: 364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12
SHA512: 4fa40121766ca6696728f3b836a5242cd3e429d96ea33eae74e0c41ef0a42362a83df8a43563487069de67657cca5883260e299f06894b9160261ff1cdce2e43
Score: 10/10
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
Writes file to system bin folder
Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder
Reads runtime system information
  Reads data from /proc virtual filesystem.
Writes file to tmp directory
  Malware often drops required files in the /tmp directory.