Analysis
-
max time kernel
0s -
max time network
29s -
platform
linux_amd64 -
resource
ubuntu1804-amd64-en-20211208 -
submitted
12-07-2022 09:49
Static task
static1
Behavioral task
behavioral1
Sample
4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f
Resource
ubuntu1804-amd64-en-20211208
General
-
Target
4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f
-
Size
535KB
-
MD5
d4e910512ed8d1b88c960ac60320db24
-
SHA1
dfde60603b15b4672e05fbb9002e4ba559c29dd1
-
SHA256
4b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f
-
SHA512
0415413ca7e92f7dc51e7c696b4b72fb2a60e757d6112e0b7270ffe4fe1c17ec5d31f722b95d74a85c3cde264c14bdc4d9cd5bcd52b453f59b82afea2aa5f58b
Malware Config
Signatures
-
suricata: ET MALWARE DDoS.XOR Checkin
suricata: ET MALWARE DDoS.XOR Checkin
-
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
-
Writes file to system bin folder 1 TTPs 3 IoCs
Processes:
description ioc /bin/duucgfjgct /bin/duucgfjgct /bin/ujozaagxvz /bin/ujozaagxvz /bin/nctcjpjnar /bin/nctcjpjnar -
Creates/modifies Cron job 1 TTPs 2 IoCs
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Processes:
sedshdescription ioc Process /etc/crontab /etc/crontab sed /etc/crontab /etc/crontab sh -
Modifies rc script 1 TTPs 12 IoCs
Adding/modifying system rc scripts is a common persistence mechanism.
Processes:
update-rc.ddescription ioc Process /etc/rc1.d/S904b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f /etc/rc1.d/S904b7b1f678e499bab4d7b16503d15089b81e9358a69439ca06fcacabcd73ed48f