General
-
Target
ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73.elf
-
Size
549KB
-
Sample
221226-wnmnesdc93
-
MD5
f9191bab1e834d4aef3380700639cee9
-
SHA1
9c20269df6694260a24ac783de2e30d627a6928a
-
SHA256
ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73
-
SHA512
3d2758fe2d06183e627b5cc24919c08c84108f2efd7ab0a162029d55537476410d9535d50f3eb059f7153f7482c134284862eea121201f82838aace4b12283b5
-
SSDEEP
12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
Malware Config
Extracted
xorddos
api.markerbio.com:112
api.enoan2107.com:112
pi.enoan2107.com:112
Targets
-
-
Target
ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73.elf
-
Size
549KB
-
MD5
f9191bab1e834d4aef3380700639cee9
-
SHA1
9c20269df6694260a24ac783de2e30d627a6928a
-
SHA256
ea40ecec0b30982fbb1662e67f97f0e9d6f43d2d587f2f588525fae683abea73
-
SHA512
3d2758fe2d06183e627b5cc24919c08c84108f2efd7ab0a162029d55537476410d9535d50f3eb059f7153f7482c134284862eea121201f82838aace4b12283b5
-
SSDEEP
12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
Score9/10-
Writes file to system bin folder
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Writes file to shm directory
Malware can drop malicious files in the shm directory which will run directly from RAM.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-