Overview

overview

10

Static

static

10

4932e9bf97...021999

linux_amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4932e9bf97b96f75bc2eb49e3d2e3dc38c3b505d071908991f5e387262021999

  • Size

    611KB

  • Sample

    220714-awk9nsghd5

  • MD5

    66f929b10533965d9907611fc993fbc8

  • SHA1

    701c772ce8dc999e5f07826161e59bfd6f8282d6

  • SHA256

    4932e9bf97b96f75bc2eb49e3d2e3dc38c3b505d071908991f5e387262021999

  • SHA512

    e56d176d92b1eca7c45b82dcef886d7ea25b1721beaed008b59ad54280b0c347531e1a30e42a5c798c5c5e9963ca98d171706097c5203a6b39906485817443fa

Score
10/10
xorddoslinuxpersistencesuricata

Malware Config

Extracted

Family

xorddos

C2

http://pcdown.gddos.com:8080

soft8.gddos.com:80

203.12.202.137:80

p.assword.xyz:80

Targets

    • Target

      4932e9bf97b96f75bc2eb49e3d2e3dc38c3b505d071908991f5e387262021999

    • Size

      611KB

    • MD5

      66f929b10533965d9907611fc993fbc8

    • SHA1

      701c772ce8dc999e5f07826161e59bfd6f8282d6

    • SHA256

      4932e9bf97b96f75bc2eb49e3d2e3dc38c3b505d071908991f5e387262021999

    • SHA512

      e56d176d92b1eca7c45b82dcef886d7ea25b1721beaed008b59ad54280b0c347531e1a30e42a5c798c5c5e9963ca98d171706097c5203a6b39906485817443fa

    Score
    10/10
    persistencesuricata

    • suricata: ET MALWARE DDoS.XOR Checkin

      suricata: ET MALWARE DDoS.XOR Checkin

      suricata

    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

      persistence

    • Write file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

    behavioral1

MITRE ATT&CK Enterprise v6

Tasks