General

  • Target

    93d43d76925dc4539b04f16afc8b52ad92fdc05f04fbce1231899546034c1a9f

  • Size

    596KB

  • Sample

    220701-c4zhdaadb5

  • MD5

    3f1f64c58bf4ba413a7b4242fb0a1546

  • SHA1

    8074bc8565bb08350010e7ce80ed5270abb1d08e

  • SHA256

    93d43d76925dc4539b04f16afc8b52ad92fdc05f04fbce1231899546034c1a9f

  • SHA512

    b4c424daf0ea08be669d0f2e5403af1a431f2d8ad2c49ef2398a38dbe205f5833b242f963a92c8397db400e4e253f2128cd08ce9d11b6fab23051d759bcb5525

Malware Config

Extracted

Family

xorddos

C2

dns-google.org:60000

a-dns-google.com:60000

uc.twjiasu.com:8080

Targets

    Score
    9/10
    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks