General
-
Target
aace5b50fd52bb363e455d55658139740e5eede1b93205a0256f122bf46f77bc
-
Size
596KB
-
Sample
221107-3l1ktshbdr
-
MD5
d182ba6ee51c8a03b588fae0a3a98b32
-
SHA1
97a69d150b3354d863e934b3b65272a1d813983a
-
SHA256
aace5b50fd52bb363e455d55658139740e5eede1b93205a0256f122bf46f77bc
-
SHA512
36e0b75fea7964daf77e4dc76b06b8e600e890cd25721e5367e7e6406f0d4430f7ebe1cc0e3886462f063feebbb4dc85d542821abab4763e030df25ba07d44da
-
SSDEEP
12288:rPTJS+naeW9kclFEcMWbHdxZ7GkR2fh/6y9P/YAh7Dxu9hc73:DTJfrW99q4bHdxZ7G1fhFND4Xcz
Malware Config
Extracted
xorddos
gh.dsaj2a1.org:2444
shaoqian.f3322.org:2444
183.60.202.2:2444
Targets
-
-
Target
aace5b50fd52bb363e455d55658139740e5eede1b93205a0256f122bf46f77bc
-
Size
596KB
-
MD5
d182ba6ee51c8a03b588fae0a3a98b32
-
SHA1
97a69d150b3354d863e934b3b65272a1d813983a
-
SHA256
aace5b50fd52bb363e455d55658139740e5eede1b93205a0256f122bf46f77bc
-
SHA512
36e0b75fea7964daf77e4dc76b06b8e600e890cd25721e5367e7e6406f0d4430f7ebe1cc0e3886462f063feebbb4dc85d542821abab4763e030df25ba07d44da
-
SSDEEP
12288:rPTJS+naeW9kclFEcMWbHdxZ7GkR2fh/6y9P/YAh7Dxu9hc73:DTJfrW99q4bHdxZ7G1fhFND4Xcz
Score9/10-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-