Extracted

• • Target

    c834ff606cac01e6222dd870589cdc65888671a83d36713b5a5c7f5f540960c3

  • Size

    611KB

  • MD5

    3bfffc5d270ac0dac30e86ba3e39dc33

  • SHA1

    cc34949fa834dccc053f176567a99d50d0b7e6c4

  • SHA256

    c834ff606cac01e6222dd870589cdc65888671a83d36713b5a5c7f5f540960c3

  • SHA512

    a1d377565b44361b90203935a583a73b02fcfd4ade93bb59ab0fe3ec7750fc7d2ed80762773938008ac4d4a5534e4433b0584eb1271dcdb124d497507c8a6a31

  Score

  10^/10

  persistencesuricata

  • suricata: ET MALWARE DDoS.XOR Checkin

    suricata: ET MALWARE DDoS.XOR Checkin

    suricata

  • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    suricata

  • Writes file to system bin folder

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies rc script

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Write file to user bin folder

  • Reads runtime system information

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory

    Malware often drops required files in the /tmp directory.

  behavioral1