General

  • Target

    0f1a988fce9c371d7c05041ed005565cc0904807

  • Size

    596KB

  • Sample

    221219-wctbtsaf8w

  • MD5

    0114778d6fe0d93232be361a9459a3ee

  • SHA1

    0f1a988fce9c371d7c05041ed005565cc0904807

  • SHA256

    fddac0fcf52b657861cd817200d4f8f5d051a262b72d6d995084d681dc7136da

  • SHA512

    d4f7ad8adc3cdaff8cdc629b44a5d83cca9043a9fd62dd3b67a6bb054c9c0588da63e6447497d3fa01e4fd31d8169ddfa5fbc10661461aa1780b9a5309c47803

  • SSDEEP

    12288:0PTJS+naeW9kclFEcMWbHdxZ7GkR2fD/6y9P/6Ah7Dxu9hc78:UTJfrW99q4bHdxZ7G1fDF7D4XcQ

Malware Config

Extracted

Family

xorddos

C2

dns-google.org:60000

a-dns-google.com:60000

uc.twjiasu.com:8080

Targets

    • Target

      0f1a988fce9c371d7c05041ed005565cc0904807


    Score
    9/10
    • Writes file to system bin folder

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
