Resubmissions

05-09-2022 12:12

220905-pdhs6agfgj 10

03-09-2022 22:20

220903-185rysgeb2 10

General

  • Target

    4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853

  • Size

    549KB

  • Sample

    220903-185rysgeb2

  • MD5

    63d6cd74a7cd01bf3a3921c36e90237f

  • SHA1

    f697783da228c7787cf1c6a67a10a8c065d6aaa7

  • SHA256

    4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853

  • SHA512

    51b1aef53c8277b8700630b144f15c9a41df358a43d71ef0b9352bbdf71c8777774f1ef1e361c8c95930143b54fcde590885242df3da60dce5b1a1d3761e2db3

  • SSDEEP

    12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO

Malware Config

Extracted

Family

xorddos

C2

www.imagetw0.com:889

www.myserv012.com:889

w.myserv012.com:889

Targets

    Score
    9/10
    • Writes file to system bin folder

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to shm directory

      Malware can drop malicious files in the shm directory, which is backed by RAM, so they run directly from memory.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks