Analysis

  • max time kernel
    0s
  • max time network
    29s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • submitted
    12-07-2022 09:49

General

  • Target

    4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f

  • Size

    535KB

  • MD5

    d4e910512ed8d1b88c960ac60320db24

  • SHA1

    dfde60603b15b4672e05fbb9002e4ba559c29dd1

  • SHA256

    4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f

  • SHA512

    0415413ca7e92f7dc51e7c696b4b72fb2a60e757d6112e0b7270ffe4fe1c17ec5d31f722b95d74a85c3cde264c14bdc4d9cd5bcd52b453f59b82afea2aa5f58b

Score
10/10

Malware Config

Signatures

  • suricata: ET MALWARE DDoS.XOR Checkin

  • suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)

  • Writes file to system bin folder 1 TTPs 3 IoCs
  • Creates/modifies Cron job 1 TTPs 2 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Modifies rc script 1 TTPs 12 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.