Extracted

• • Target

    93277cd1b82d0f0442d636ef8368f313f7549147c8e364701d9fb0d4faea2b70

  • Size

    535KB

  • MD5

    5301e9a148513c60ee6acff9d239d773

  • SHA1

    d6a34326fa20f9ba58f2a873abb2c812a3ee5d66

  • SHA256

    93277cd1b82d0f0442d636ef8368f313f7549147c8e364701d9fb0d4faea2b70

  • SHA512

    1d9d44d847f3d769048b52b48da4045e230f46892c73f4b2a15fdb8e25ef8f3e3558c910091b70873bffd7084c5cc502044aef9926dc2e82ac18d828c0020c81

  Score

  10^/10

  persistencesuricata

  • suricata: ET MALWARE DDoS.XOR Checkin

    suricata: ET MALWARE DDoS.XOR Checkin

    suricata

  • suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)

    suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)

    suricata

  • Writes file to system bin folder

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies rc script

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence

  • Write file to user bin folder

  • Reads runtime system information

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory

    Malware often drops required files in the /tmp directory.

  behavioral1