Analysis

  • max time kernel
    0s
  • max time network
    32s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    08-07-2022 05:39

General

  • Target

    bf806503ac5be57798f50d5b50901b295fc27b66bb5bfc8da9ee19f4ede394a5

  • Size

    535KB

  • MD5

    41765670191769f8f994501277f29de3

  • SHA1

    4b8ffeca421ad2bfefcfec7e3a111344fbd3d7f6

  • SHA256

    bf806503ac5be57798f50d5b50901b295fc27b66bb5bfc8da9ee19f4ede394a5

  • SHA512

    3f07ed855b6b99a0d276dc094ca2101a4e841b54dffbddc2c6f05161e71187f3912a4d1e163d70979ecf1ad73d7fac155aed2c6840a8cc7a353ffaab40a7de10

Score
10/10

Malware Config

Signatures

  • suricata: ET MALWARE DDoS.XOR Checkin

    suricata: ET MALWARE DDoS.XOR Checkin

  • suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)

    suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)

  • Writes file to system bin folder 1 TTPs 3 IoCs
  • Creates/modifies Cron job 1 TTPs 2 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Modifies rc script 1 TTPs 12 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.