General

  • Target

    libudev.so

  • Size

    611KB

  • Sample

    220709-t7nnqafcaj

  • MD5

    7dc92a289a05c45d4179a322344ad09c

  • SHA1

    be912477f64a1ee9f2d8ddaebce6efdfd00e7ccd

  • SHA256

    8642022960d919321ccfcfb0a0cd631db0e5dac3e75014fc0c4cc6ff413c72c5

  • SHA512

    717f42d45fb07173bfc47b1fca26e85222ee676f2164a0f84d584eda963f67bbde8c68695e708b07ef6d5e2101510ee077eae1653ae66a7c7c90397e869f29bf

Malware Config

Extracted

Family

xorddos

C2

ppp.gggatat456.com:53

ppp.xxxatat456.com:53

p5.dddgata789.com:53

p5.lpjulidny7.com:53

Targets

    • Target

      libudev.so

    • suricata: ET MALWARE DDoS.XOR Checkin

    • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
