Analysis
max time kernel: 0s
max time network: 32s
platform: linux_amd64
resource: ubuntu1804-amd64-en-20211208
submitted: 08-07-2022 05:39
Static task: static1
Behavioral task: behavioral1
Sample: bf806503ac5be57798f50d5b50901b295fc27b66bb5bfc8da9ee19f4ede394a5
Resource: ubuntu1804-amd64-en-20211208
General
Target: bf806503ac5be57798f50d5b50901b295fc27b66bb5bfc8da9ee19f4ede394a5
Size: 535KB
MD5: 41765670191769f8f994501277f29de3
SHA1: 4b8ffeca421ad2bfefcfec7e3a111344fbd3d7f6
SHA256: bf806503ac5be57798f50d5b50901b295fc27b66bb5bfc8da9ee19f4ede394a5
SHA512: 3f07ed855b6b99a0d276dc094ca2101a4e841b54dffbddc2c6f05161e71187f3912a4d1e163d70979ecf1ad73d7fac155aed2c6840a8cc7a353ffaab40a7de10
Malware Config
Signatures
- suricata: ET MALWARE DDoS.XOR Checkin
- suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
- Writes file to system bin folder (1 TTPs, 3 IoCs)
Processes: (none listed)
description        ioc
/bin/nhsqbfsokw    /bin/nhsqbfsokw
/bin/vbrcxopyvv    /bin/vbrcxopyvv
/bin/qjmdwykndz    /bin/qjmdwykndz
- Creates/modifies Cron job (1 TTPs, 2 IoCs)
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes: sed, sh
description     ioc             Process
/etc/crontab    /etc/crontab    sed
/etc/crontab    /etc/crontab    sh
- Modifies rc script (1 TTPs, 12 IoCs)
Adding/modifying system rc scripts is a common persistence mechanism.
Processes: update-rc.d
description                                                                              ioc                                                                                      Process
/etc/rc2.d/                                                                              /etc/rc2.d/                                                                              update-rc.d
/etc/rc6.d/                                                                              /etc/rc6.d/                                                                              update-rc.d
/etc/rc2.d/S90bf806503ac5be57798f50d5b50901b295fc27b66bb5bfc8da9ee19f4ede394a5    /etc/rc2.d/S90bf806503ac5be57798f50d5b50901b295fc27b66bb5bfc8da9ee19f4ede394a5