General

  • Target

    364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12

  • Size

    611KB

  • Sample

    220626-dhcxxseebp

  • MD5

    7775b18dfecc3e23bf7d42aec205c7e2

  • SHA1

    0af3cee9f8735f8c2cec7e6a0bc569325ada12ac

  • SHA256

    364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12

  • SHA512

    4fa40121766ca6696728f3b836a5242cd3e429d96ea33eae74e0c41ef0a42362a83df8a43563487069de67657cca5883260e299f06894b9160261ff1cdce2e43

Malware Config

Extracted

Family

xorddos

C2

ppp.gggatat456.com:443

ppp.xxxatat456.com:443

p5.dddgata789.com:443

p5.lpjulidny7.com:443

Targets

    • Target

      364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12

    • Size

      611KB

    • MD5

      7775b18dfecc3e23bf7d42aec205c7e2

    • SHA1

      0af3cee9f8735f8c2cec7e6a0bc569325ada12ac

    • SHA256

      364bacf383c887e8063ac2274be0f9b6cabc0b9fe55e38abb564e34419f0be12

    • SHA512

      4fa40121766ca6696728f3b836a5242cd3e429d96ea33eae74e0c41ef0a42362a83df8a43563487069de67657cca5883260e299f06894b9160261ff1cdce2e43

    Score
    10/10
    • suricata: ET MALWARE DDoS.XOR Checkin

      suricata: ET MALWARE DDoS.XOR Checkin

    • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

      suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks