xorddos | 9f83c56e811f5dbbc7695a235c928579a9025e91faf85a477e750ebf2c1c7d44 | Triage

Sharing

General

Target

9f83c56e811f5dbbc7695a235c928579a9025e91faf85a477e750ebf2c1c7d44
Size

544KB
Sample

220705-cgqlysehd8
MD5

c281f342cc1da43a9840bc3ac048b6a6
SHA1

c07ae6a40a3284beb287458f6c2bd73931ab1cd3
SHA256

9f83c56e811f5dbbc7695a235c928579a9025e91faf85a477e750ebf2c1c7d44
SHA512

3c86010a327976859e987c17e327c3e849aa3a4d1faaaedf66423e2928b33fe90ba2ea9b33d1aeb8e973f2315a2a409836dbabf14314f4fd7a6d87ce3e948716

Score

10^/10

xorddos linux persistence suricata

Malware Config

Extracted

Family

xorddos

C2

topbannersun.com:1433

wowapplecar.com:1433

Targets

- Target
  
  9f83c56e811f5dbbc7695a235c928579a9025e91faf85a477e750ebf2c1c7d44
- Size
  
  544KB
- MD5
  
  c281f342cc1da43a9840bc3ac048b6a6
- SHA1
  
  c07ae6a40a3284beb287458f6c2bd73931ab1cd3
- SHA256
  
  9f83c56e811f5dbbc7695a235c928579a9025e91faf85a477e750ebf2c1c7d44
- SHA512
  
  3c86010a327976859e987c17e327c3e849aa3a4d1faaaedf66423e2928b33fe90ba2ea9b33d1aeb8e973f2315a2a409836dbabf14314f4fd7a6d87ce3e948716
Score

10^/10

persistence suricata
- suricata: ET MALWARE DDoS.XOR Checkin via HTTP
  suricata: ET MALWARE DDoS.XOR Checkin via HTTP
  suricata
- Writes file to system bin folder
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencesuricata