Analysis
- max time kernel: 0s
- max time network: 115s
- platform: linux_amd64
- resource: ubuntu1804-amd64-en-20211208
- submitted: 14-07-2022 05:39
Static task: static1
Behavioral task: behavioral1
Sample: 47bf33fd353be8b334f188c839dac4a6a1b71fe220a1c98122628cc5fddabe3d
Resource: ubuntu1804-amd64-en-20211208 (linux_amd64)
0 signatures, 0 seconds
General
- Target: 47bf33fd353be8b334f188c839dac4a6a1b71fe220a1c98122628cc5fddabe3d
- Size: 544KB
- MD5: 2fd1d1a39b6c6a58fb55967d3c23dfac
- SHA1: 9aafe38a1eb05565479bf6cf30ea32b4ef51bbeb
- SHA256: 47bf33fd353be8b334f188c839dac4a6a1b71fe220a1c98122628cc5fddabe3d
- SHA512: 99063a0f2cbf0473821ee0bc242f6edfc676f4e7b9ea61f7a1a9c84c5df30a6b42afb8a3e8e8e2c8380bfe98b261dc5100710e793a7162ce5eb17fc02770948b
- Score: 10/10
Malware Config
Signatures
- suricata: ET MALWARE DDoS.XOR Checkin via HTTP
- Writes file to system bin folder (1 TTPs, 22 IoCs)
Processes (ioc):
- /bin/dyslsdip
- /bin/jbyefwwq
- /bin/bagcxuwahsqeyi
- /bin/ruszsrfbo
- /bin/kjjdlkigwfvjt
- /bin/vymwrexbnjhzvr
- /bin/ryedrfji
- /bin/yftjkewcu
- /bin/kyefqpnwvlozby
- /bin/gposnxguj
- /bin/jvlanubnzgmxz
- /bin/orqmaqn
- /bin/sqbgddtq
- /bin/ieeyseohuang
- /bin/blbgengjgpvl
- /bin/sblvqwep
- /bin/yylwcq
- /bin/bbnfoolalmf
- /bin/kekcfevkhjfl
- /bin/jokskpsapph
- /bin/jlgkoznqbtq
- /bin/zzkbygyyq
- Modifies rc script (1 TTPs, 5 IoCs)
Adding/modifying system rc scripts is a common persistence mechanism.
Processes (ioc):
- /etc/rc2.d/S90kacpscbjyfzqq
- /etc/rc3.d/S90kacpscbjyfzqq
- /etc/rc4.d/S90kacpscbjyfzqq
- /etc/rc5.d/S90kacpscbjyfzqq
- /etc/rc1.d/S90kacpscbjyfzqq
- Writes file to tmp directory (1 IoCs)
Malware often drops required files in the /tmp directory.
Processes (ioc):
- /tmp/47bf33fd353be8b334f188c839dac4a6a1b71fe220a1c98122628cc5fddabe3d
Processes
- ./47bf33fd353be8b334f188c839dac4a6a1b71fe220a1c98122628cc5fddabe3d (PID 577)
- /bin/qqzfyjbcspcak (PID 581)
- /bin/jokskpsapph -d 582 (PID 586)
- /bin/jlgkoznqbtq -d 582 (PID 589)
- /bin/kjjdlkigwfvjt -d 582 (PID 596)
- /bin/gposnxguj -d 582 (PID 599)
- /bin/vymwrexbnjhzvr -d 582 (PID 602)
- /bin/ryedrfji -d 582 (PID 605)
- /bin/dyslsdip -d 582 (PID 608)
- /bin/sblvqwep -d 582 (PID 611)
- /bin/yylwcq -d 582 (PID 614)
- /bin/jbyefwwq -d 582 (PID 617)
- /bin/bagcxuwahsqeyi -d 582 (PID 620)
- /bin/jvlanubnzgmxz -d 582 (PID 623)
- /bin/zzkbygyyq -d 582 (PID 626)
- /bin/ruszsrfbo -d 582 (PID 629)
- /bin/bbnfoolalmf -d 582 (PID 632)
- /bin/orqmaqn -d 582 (PID 635)
- /bin/kekcfevkhjfl -d 582 (PID 638)
- /bin/sqbgddtq -d 582 (PID 641)
- /bin/ieeyseohuang -d 582 (PID 644)
- /bin/yftjkewcu -d 582 (PID 647)
- /bin/kyefqpnwvlozby -d 582 (PID 650)
- /bin/blbgengjgpvl -d 582 (PID 653)