93277cd1b82d0f0442d636ef8368f313f7549147c8e364701d9fb0d4faea2b70

Analysis

max time kernel
0s
max time network
107s
platform
linux_amd64
resource
ubuntu1804-amd64-en-20211208
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17-07-2022 01:12

Target

93277cd1b82d0f0442d636ef8368f313f7549147c8e364701d9fb0d4faea2b70
Size

535KB
MD5

5301e9a148513c60ee6acff9d239d773
SHA1

d6a34326fa20f9ba58f2a873abb2c812a3ee5d66
SHA256

93277cd1b82d0f0442d636ef8368f313f7549147c8e364701d9fb0d4faea2b70
SHA512

1d9d44d847f3d769048b52b48da4045e230f46892c73f4b2a15fdb8e25ef8f3e3558c910091b70873bffd7084c5cc502044aef9926dc2e82ac18d828c0020c81

Score

10^/10

suricata: ET MALWARE DDoS.XOR Checkin
suricata: ET MALWARE DDoS.XOR Checkin
suricata
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
suricata: ET MALWARE Likely Linux/Xorddos.F DDoS Attack Participation (aa.hostasa.org)
suricata

Writes file to system bin folder 1 TTPs 4 IoCs

Hijack Execution Flow

Processes:

Creates/modifies Cron job 1 TTPs 2 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Scheduled Task

Processes:

sedsh

description	ioc	Process
/etc/crontab	/etc/crontab	sed
/etc/crontab	/etc/crontab	sh

Modifies rc script 1 TTPs 12 IoCs

Adding/modifying system rc scripts is a common persistence mechanism.

Boot or Logon Autostart Execution

Processes:

update-rc.d

description	ioc	Process
/etc/rc5.d/	/etc/rc5.d/	update-rc.d
/etc/rc3.d/	/etc/rc3.d/	update-rc.d
/etc/rc6.d/	/etc/rc6.d/	update-rc.d
/etc/rc1.d/	/etc/rc1.d/	update-rc.d
/etc/rc2.d/S9093277cd1b82d0f0442d636ef8368f313f7549147c8e364701d9fb0d4faea2b70	/etc/rc2.d/S9093277cd1b82d0f0442d636ef8368f313f7549147c8e364701d9fb0d4faea2b70