General

  • Target

    8c6bbb725bc71e9b035d404d4c5f13b3ed986ca5f151562a21ad06afde7cc23d

  • Size

    546KB

  • Sample

    220630-xx2dlsbbg7

  • MD5

    dbda3916527ce3550f2277037efed5df

  • SHA1

    cda512f6f8e0de1f9e127d70d58ef609cb101f6c

  • SHA256

    8c6bbb725bc71e9b035d404d4c5f13b3ed986ca5f151562a21ad06afde7cc23d

  • SHA512

    202ec977b26331e79fa84cc79bcbf27312f351b9ba304105c7a51b6e86c708c99bd99894ca4c9f6f72d547ab446e402ad28d83d8f249325ffcef11c9ecd26709

Malware Config

  • Family

    xorddos

  • C2

    topbannersun.com:6993

    wowapplecar.com:6993

Targets

    Score
    10/10
    • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    • Writes file to system bin folder

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks