Analysis

  • max time kernel
    0s
  • max time network
    31s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    07-07-2022 10:34

General

  • Target

    45deebda9ff6b01eaeb6961b22066709f7df31c4e5f53acc76c3488483807f7e

  • Size

    611KB

  • MD5

    63877c8af701e337108a87181e13a855

  • SHA1

    2c778383d1e411a83415d6d43f6ca6699248f8ec

  • SHA256

    45deebda9ff6b01eaeb6961b22066709f7df31c4e5f53acc76c3488483807f7e

  • SHA512

    835d019e77b8200b738a788bb3e575854816293a5dd1a36006698f8b467feff55a9099da94a46a7176b470810b90aae26ba8cc0c3fdd933fe7c849b1d3348a2a

Score
10/10

Malware Config

Signatures

  • suricata: ET MALWARE DDoS.XOR Checkin
  • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    Both Emerging Threats rules fire on the bot's command-and-control check-in: the first on the check-in traffic itself, the second on the same check-in carried over HTTP. Together with the persistence signatures below they classify the sample as the Linux XOR DDoS family.

  • Writes file to system bin folder (1 TTP, 3 IoCs)

    Dropping an executable into a system bin directory lets it blend in with legitimate binaries; on Linux this is typically paired with the cron and rc entries below so the dropped file is relaunched after reboot.

  • Creates/modifies Cron job (1 TTP, 2 IoCs)

    Cron allows running tasks on a schedule and is commonly used for malware persistence.

  • Modifies rc script (1 TTP, 12 IoCs)

    Adding or modifying system rc scripts is a common persistence mechanism.
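The three persistence signatures above (a file written to a system bin directory, a cron job, and an rc script) are exactly what an incident responder would enumerate on a suspect host. The script below is an added example, not part of the sandbox report or of any vendor tooling: it parses crontab text (both user and system formats) and rc/init scripts, extracts the absolute paths they execute, and flags any that live in a system bin directory but are not on a known-good list. The sample crontab and init scripts, the `dropped_svc` name, the bin directory list and the allow list are all constructed assumptions; on a real host you would feed it the contents of /etc/crontab, /etc/cron.d/*, the per-user spools and /etc/init.d/*, and replace the allow list with a package-manager ownership check such as `dpkg -S`.

```python
"""Hunt for cron- and rc-script-based persistence pointing at dropped binaries.
Added example (not the report's or any vendor's code); all inputs are constructed."""
import re

# Directories the "Writes file to system bin folder" signature is concerned with (assumption).
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/",
                   "/usr/local/bin/", "/usr/local/sbin/")

# Constructed stand-in for "owned by a distribution package"; replace with dpkg -S / rpm -qf.
KNOWN_GOOD = {"/bin/sh", "/usr/sbin/cron", "/usr/sbin/logrotate", "/usr/bin/find"}

# Absolute path not glued to a preceding word character (so "a/b" is not matched).
PATH_RE = re.compile(r"(?<![\w.-])(/(?:[\w.+-]+/)*[\w.+-]+)")


def parse_crontab(text, system_crontab=False):
    """Return (schedule, user, command) tuples from crontab text.

    Skips blank lines, comments and VAR=value assignments. Handles the five-field
    schedule and @reboot-style specials. For the system format (/etc/crontab,
    /etc/cron.d/*) a user field precedes the command; per-user spools have none."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or re.match(r"^\w+=", line):
            continue
        if line.startswith("@"):                      # @reboot, @hourly, ...
            parts = line.split(None, 1)
            if len(parts) < 2:
                continue
            schedule, rest = parts
        else:
            parts = line.split(None, 5)
            if len(parts) < 6:
                continue
            schedule, rest = " ".join(parts[:5]), parts[5]
        if system_crontab:
            user_cmd = rest.split(None, 1)
            if len(user_cmd) < 2:
                continue
            user, cmd = user_cmd
        else:
            user, cmd = None, rest
        entries.append((schedule, user, cmd))
    return entries


def executables_in(shell_text):
    """Absolute paths referenced anywhere in a command line or shell script."""
    return set(PATH_RE.findall(shell_text))


def suspicious_paths(paths):
    """Paths inside a system bin directory that are not known-good."""
    return sorted(p for p in paths if p.startswith(SYSTEM_BIN_DIRS) and p not in KNOWN_GOOD)


def hunt(crontabs, rc_scripts):
    """crontabs: {name: (text, is_system_format)}; rc_scripts: {path: text}.
    Returns (kind, source, flagged_path, command_or_None) findings."""
    findings = []
    for name, (text, is_system) in crontabs.items():
        for _schedule, _user, cmd in parse_crontab(text, is_system):
            for p in suspicious_paths(executables_in(cmd)):
                findings.append(("cron", name, p, cmd))
    for path, text in rc_scripts.items():
        for p in suspicious_paths(executables_in(text)):
            findings.append(("rc", path, p, None))
    return findings


# ---- constructed sample host state (not taken from the report) ----
SAMPLE_CRON_D = """\
# constructed /etc/cron.d file in system crontab format (user field present)
SHELL=/bin/sh
0 * * * * root /usr/sbin/logrotate /etc/logrotate.conf
*/3 * * * * root /usr/bin/dropped_svc >/dev/null 2>&1
"""
SAMPLE_USER_CRON = "@reboot /home/alice/bin/backup.sh\n"
SAMPLE_CRONTABS = {
    "/etc/cron.d/dropped_svc": (SAMPLE_CRON_D, True),
    "/var/spool/cron/crontabs/alice": (SAMPLE_USER_CRON, False),
}
SAMPLE_RC = {
    "/etc/init.d/dropped_svc": '#!/bin/sh\n### BEGIN INIT INFO\n# Provides: dropped_svc\n'
                               '### END INIT INFO\ncase "$1" in\n  start) /usr/bin/dropped_svc & ;;\nesac\n',
    "/etc/init.d/cron": "#!/bin/sh\n. /lib/lsb/init-functions\n"
                        "start-stop-daemon --start --exec /usr/sbin/cron\n",
}

if __name__ == "__main__":
    for kind, source, path, cmd in hunt(SAMPLE_CRONTABS, SAMPLE_RC):
        print(f"[{kind}] {source} launches unknown system binary {path}"
              + (f"  (cmd: {cmd})" if cmd else ""))
```

Only the constructed `/usr/bin/dropped_svc` is reported, once from the cron.d file and once from the init script; the logrotate and cron entries and the user's backup script under /home are ignored. A real hunt would also sort candidates by file mtime and ctime, since a freshly dropped binary with cron and rc entries created at the same time is the pattern the report's three signatures describe.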