Analysis
-
max time kernel
0s -
max time network
31s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
submitted
07-07-2022 10:34
Static task
static1
Behavioral task
behavioral1
Sample
45deebda9ff6b01eaeb6961b22066709f7df31c4e5f53acc76c3488483807f7e
Resource
ubuntu1804-amd64-en-20211208
General
-
Target
45deebda9ff6b01eaeb6961b22066709f7df31c4e5f53acc76c3488483807f7e
-
Size
611KB
-
MD5
63877c8af701e337108a87181e13a855
-
SHA1
2c778383d1e411a83415d6d43f6ca6699248f8ec
-
SHA256
45deebda9ff6b01eaeb6961b22066709f7df31c4e5f53acc76c3488483807f7e
-
SHA512
835d019e77b8200b738a788bb3e575854816293a5dd1a36006698f8b467feff55a9099da94a46a7176b470810b90aae26ba8cc0c3fdd933fe7c849b1d3348a2a
Malware Config
Signatures
-
suricata: ET MALWARE DDoS.XOR Checkin
suricata: ET MALWARE DDoS.XOR Checkin
-
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
suricata: ET MALWARE DDoS.XOR Checkin via HTTP
-
Writes file to system bin folder 1 TTPs 3 IoCs
Processes:
description ioc /bin/vdlqcyecow /bin/vdlqcyecow /bin/kiqfzuiztr /bin/kiqfzuiztr /bin/ukobftptht /bin/ukobftptht -
Creates/modifies Cron job 1 TTPs 2 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
sedshdescription ioc Process /etc/crontab /etc/crontab sed /etc/crontab /etc/crontab sh -
Modifies rc script 1 TTPs 12 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
Processes:
update-rc.ddescription ioc Process /etc/rc6.d/ /etc/rc6.d/ update-rc.d /etc/rc3.d/S9045deebda9ff6b01eaeb6961b22066709f7df31c4e5f53acc76c3488483807f7e /etc/rc3.d/S9045deebda9ff6b01eaeb6961b22066709f7df31c4e5f53acc76c3488483807f7e