xorddos | fa0a5c652d3a69d21ce4a5eb65f95537d880fd41190d73eaffc38aa070047108 | Triage

Sharing

General

Target

fa0a5c652d3a69d21ce4a5eb65f95537d880fd41190d73eaffc38aa070047108
Size

611KB
Sample

220701-fdvnaacegr
MD5

79a7792955c2e7137c68bec4803ce65b
SHA1

43763f2832b4329f2c3f8aca4fba6aa3522351f8
SHA256

fa0a5c652d3a69d21ce4a5eb65f95537d880fd41190d73eaffc38aa070047108
SHA512

360fc13ede6a35ae5fd489a48a760d99fc3c027000cf42da3c6f6a6cb9d0834692395547275751fe568cf0290de45a6d1c7d12c04a36297d17ce237da9aad3e3

Score

10^/10

xorddos linux persistence

Malware Config

Extracted

Family

xorddos

C2

num.com:8000

cdn.netflix2cdn.com:8000

cdn.finance1num.com:8000

Targets

- Target
  
  fa0a5c652d3a69d21ce4a5eb65f95537d880fd41190d73eaffc38aa070047108
- Size
  
  611KB
- MD5
  
  79a7792955c2e7137c68bec4803ce65b
- SHA1
  
  43763f2832b4329f2c3f8aca4fba6aa3522351f8
- SHA256
  
  fa0a5c652d3a69d21ce4a5eb65f95537d880fd41190d73eaffc38aa070047108
- SHA512
  
  360fc13ede6a35ae5fd489a48a760d99fc3c027000cf42da3c6f6a6cb9d0834692395547275751fe568cf0290de45a6d1c7d12c04a36297d17ce237da9aad3e3
Score

9^/10

persistence
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1