General
-
Target
yxbitkdccc_.elf
-
Size
611KB
-
Sample
230328-cg4htagd66
-
MD5
a2279a054fba006fd74c3b61ddc6a3ef
-
SHA1
df2a4c91d86be560c7c19628923b601af460258d
-
SHA256
ce0f1914e0f0748f85ecc18d8470de2a0b2b60be7eaab7a459899f77993e82e6
-
SHA512
089bf2ef2926e6cdd93412ce006fb06cf8c75f60c9adb475c4798532b2214e083b4d1a6dd29b864a77c9744a953e67a40c2dc7195661682cfaa268c549e9cbe5
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AR:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91I
Malware Config
Extracted
xorddos
cdn.cloud2cdn.com:8000
Targets
-
-
Target
yxbitkdccc_.elf
-
Size
611KB
-
MD5
a2279a054fba006fd74c3b61ddc6a3ef
-
SHA1
df2a4c91d86be560c7c19628923b601af460258d
-
SHA256
ce0f1914e0f0748f85ecc18d8470de2a0b2b60be7eaab7a459899f77993e82e6
-
SHA512
089bf2ef2926e6cdd93412ce006fb06cf8c75f60c9adb475c4798532b2214e083b4d1a6dd29b864a77c9744a953e67a40c2dc7195661682cfaa268c549e9cbe5
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1AR:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91I
Score9/10-
Writes file to system bin folder
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Write file to user bin folder
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-