xorddos | 4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f | Triage

Submit
Reports

Overview

overview

Static

static

4b7b1f678e...3ed48f

linux_amd64

Sharing

General

Target

4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f
Size

535KB
Sample

220712-lthasacgdp
MD5

d4e910512ed8d1b88c960ac60320db24
SHA1

dfde60603b15b4672e05fbb9002e4ba559c29dd1
SHA256

4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f
SHA512

0415413ca7e92f7dc51e7c696b4b72fb2a60e757d6112e0b7270ffe4fe1c17ec5d31f722b95d74a85c3cde264c14bdc4d9cd5bcd52b453f59b82afea2aa5f58b

Score

10^/10

xorddos linux persistence suricata

Static task

static1

Behavioral task

behavioral1

Sample

4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f

Resource

ubuntu1804-amd64-en-20211208

persistence suricata

linux_amd64

0 signatures

0 seconds

Malware Config

Extracted

Family

xorddos

C2

tat456.com:1523

ppp.gggatat456.com:1523

ppp.xxxatat456.com:1523

www1.gggatat456.com:1523

Targets

- Target
  
  4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f
- Size
  
  535KB
- MD5
  
  d4e910512ed8d1b88c960ac60320db24
- SHA1
  
  dfde60603b15b4672e05fbb9002e4ba559c29dd1
- SHA256
  
  4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f
- SHA512
  
  0415413ca7e92f7dc51e7c696b4b72fb2a60e757d6112e0b7270ffe4fe1c17ec5d31f722b95d74a85c3cde264c14bdc4d9cd5bcd52b453f59b82afea2aa5f58b
Score

10^/10

persistence suricata
- suricata: ET MALWARE DDoS.XOR Checkin
  suricata: ET MALWARE DDoS.XOR Checkin
  suricata
- suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
  suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
  suricata
- Writes file to system bin folder
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies rc script
  Adding/modifying system rc scripts is a common persistence mechanism.
  persistence
- Write file to user bin folder
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

persistencesuricata

© 2018-2024

Terms | Privacy