Extracted

• • Target

    47bf33fd353be8b334f188c839dac4a6a1b71fe220a1c98122628cc5fddabe3d

  • Size

    544KB

  • MD5

    2fd1d1a39b6c6a58fb55967d3c23dfac

  • SHA1

    9aafe38a1eb05565479bf6cf30ea32b4ef51bbeb

  • SHA256

    47bf33fd353be8b334f188c839dac4a6a1b71fe220a1c98122628cc5fddabe3d

  • SHA512

    99063a0f2cbf0473821ee0bc242f6edfc676f4e7b9ea61f7a1a9c84c5df30a6b42afb8a3e8e8e2c8380bfe98b261dc5100710e793a7162ce5eb17fc02770948b

  Score

  10^/10

  persistencesuricata

  • suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    suricata: ET MALWARE DDoS.XOR Checkin via HTTP

    suricata

  • Writes file to system bin folder

  • Modifies rc script

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence

  • Writes file to tmp directory

    Malware often drops required files in the /tmp directory.

  behavioral1