General
Target: Malz.zip
Size: 41.8MB
Sample: 230420-j9jsfaae7s
MD5: 72d76d00f0cfa5bcf976ad2f91c31219
SHA1: 631f788057a9c0c9afa5adb3634cccf49134c707
SHA256: 664fd170b1d07e372b3daa91aab78a8151d3f0b0361a2b3157b405314dd219a2
SHA512: d6c6afacd7bf9680545cbc306361b16f8f4d41326d3e67db8fdb7d0c771362e5833d2ec09b06f09401956c30c1921e31788c9a7029591e8950f9c25b21ed8326
SSDEEP: 786432:yw31BOqBbfjzQ3HoRScthZa2BLXYXWl/efKwqKVVuiaohsBtSvVLUDMC2ygvWt+:ywDxT/Q3HnMZa2ZXYX0/efbl+E5UDM1z
Behavioral tasks
behavioral1: sample .sshdd, resource ubuntu1804-amd64-20221111-en
behavioral2: sample 261664, resource ubuntu1804-amd64-en-20211208
behavioral3: sample 32, resource ubuntu1804-amd64-20221111-en
behavioral4: sample 36000.exe, resource win7-20230220-en
behavioral5: sample 36000.exe, resource win10v2004-20230220-en
behavioral6: sample 64, resource ubuntu1804-amd64-en-20211208
behavioral7: sample GetPass.exe, resource win7-20230220-en
behavioral8: sample GetPass.exe, resource win10v2004-20230220-en
behavioral9: sample NetSyst81.dll, resource win7-20230220-en
behavioral10: sample NetSyst81.dll, resource win10v2004-20230220-en
behavioral11: sample POP, resource ubuntu1804-amd64-20221111-en
behavioral12: sample SAY123, resource ubuntu1804-amd64-en-20211208
behavioral13: sample SAY456, resource ubuntu1804-amd64-20221111-en
behavioral14: sample TomDog_Result.html, resource win7-20230220-en
behavioral15: sample TomDog_Result.html, resource win10v2004-20230220-en
behavioral16: sample a06, resource ubuntu1804-amd64-en-20211208
behavioral17: sample a07, resource ubuntu1804-amd64-20221111-en
behavioral18: sample a08, resource ubuntu1804-amd64-20221111-en
behavioral19: sample a09, resource ubuntu1804-amd64-20221111-en
behavioral20: sample a10, resource ubuntu1804-amd64-20221111-en
behavioral21: sample banner313.pl, resource ubuntu1804-amd64-20221111-en
behavioral22: sample banner313.pl, resource debian9-armhf-20221111-en
behavioral23: sample banner313.pl, resource debian9-mipsbe-en-20211208
behavioral24: sample banner313.pl, resource debian9-mipsel-en-20211208
behavioral25: sample f.sh, resource ubuntu1804-amd64-20221111-en
behavioral26: sample f.sh, resource debian9-armhf-20221111-en
behavioral27: sample f.sh, resource debian9-mipsbe-en-20211208
behavioral28: sample f.sh, resource debian9-mipsel-20221111-en
behavioral29: sample g3m.pl, resource ubuntu1804-amd64-20221111-en
behavioral30: sample g3m.pl, resource debian9-armhf-en-20211208
behavioral31: sample g3m.pl, resource debian9-mipsbe-20221111-en
behavioral32: sample g3m.pl, resource debian9-mipsel-en-20211208
Malware Config
Extracted family: xorddos
C2 endpoints (extracted from the sample configuration):
crc_polynomial: EDB88320
Targets

Target: .sshdd
Size: 647KB
MD5: 33229183c1a701376ef15a0af4f9dc5b
SHA1: b6a981f7d1e3141bc99e448ca5ea88e4f973463c
SHA256: 4e6eb417b5598ed171d383e6d6e3f1dc861438a52cfd869bbfaebabb8905f622
SHA512: af69aabf1cb1463cf425d23fdab57d43eca545c86211c4dd7d2a14d27803f461aebebbf2108df8033b16f208e26026f5c3ae3cc578d7d893ba5487e992fbe419
SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Tonnp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mn6wvnDWXMN
Score: 7/10
Signatures:
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Write file to user bin folder
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: 261664
Size: 186KB
MD5: b754622e816fb2281402b86f75fa9ccf
SHA1: be1c9842f441500bd14b8ad9ac3a6cdac77ea47d
SHA256: d8c511b7a07df74df69fd91a435a7228f7ecad477c7b6b4d23bf6fb5b04cf77d
SHA512: d8057fe16bc35bc62b1998c67385ac79513ccfbf77cef68b5c73875910725b0ad886faf49b739576cbc3e795f8cf3416d729497e8e5cd7b47e8c78796405d925
SSDEEP: 3072:ilEwSaKOao1hsD4lLsCH4aNSJReEK5BQ6SnJ43aCQiqse:iOwPi4Jp4RnCk6A5
Score: 8/10
Signatures:
- Modifies hosts file: Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration: Writes data to DNS resolver config file.
- Reads runtime system information: Reads data from /proc virtual filesystem.

Target: 32
Size: 10KB
MD5: a6345ddc1e04904f4c96933e1a59730f
SHA1: 5451cf4a8bf5dfae0ca21781c2dce0a9db1d4194
SHA256: 33671229bcfc0cdd0c789495575b5e20a39e077bf4f80a26783a7f0598a1d1d8
SHA512: facc8b2e3692f40cddd56846717af65831bbc239dc1c1496519446cd0cc107fa9e2cd756419d6033f36118f03448d009f728e373cccd2a83733ca2c64623485d
SSDEEP: 192:MdU7fsvvarONq9HX6yHRN61oNAM62+CxBQ0a6NQCxQdJV:My7AKUqxKO61oN3+CxBQ0XFxy
Score: 1/10
Signatures: none

Target: 36000.exe
Size: 416KB
MD5: 51f00e56b4ef21e6b7d6685ca3fbad1a
SHA1: c145e5e23cd95de4c0b521f0eb7ded59ba0a381e
SHA256: 4209035f042bcd79fe91997c8466cfdd890e740d8cb85b3076d7a5e79891f441
SHA512: 69be029f0183cf3b425703467beee190bba49a3fe78cebd06e6c54c5ff550a6b9e18c704677a4587bef9ef83ffa5a38d6879717991fc3362d3686ab9f5cfb876
SSDEEP: 6144:cXVDAhO3GzujrS6DfgSf2WPpx7MZyCwc9DMypdi8UAfndbeA0u9Adqhhs56EDL0C:YauGgSqntxwpTMf8TdIqAD4
Score: 7/10
Signatures: none listed

Target: 64
Size: 10KB
MD5: 3ede781c8a49e64f8fe62c07e6bfda4b
SHA1: 3c89dc70861685c609a8671ed1ceb452f9379779
SHA256: ade2e8a84482ff9ef0a15b471514f1c4370af1e8130b28c0bcd25382898c0b67
SHA512: e9aa8008683dea3c64a398fa38e8b85e2a86ae349e6571f81e8cf281731ac3d222b35b2bd47d4ff87fd702b221180f5b8b14495c7ffb8d96dd7a2840e93b918b
SSDEEP: 192:V91LqTakK4wMaw1pWDnD5ZtpjkA6Ywt/anV6jeSXnrkLecAVgzBUi0vbuL8ZcAr0:YzwPeWP5Znj2IIdXnQLec/zKiOpcX
Score: 8/10
Signatures:
- Modifies hosts file: Adds to hosts file used for mapping hosts to IP addresses.
- Writes DNS configuration: Writes data to DNS resolver config file.
- Reads system network configuration: Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information: Reads data from /proc virtual filesystem.

Target: GetPass.exe
Size: 178KB
MD5: 2e17ac792a4ae32ff5c9d751ab3a77e3
SHA1: d18d952b24110b83abd17e042f9deee679de6a1a
SHA256: e9cffb4773da2d46282aeafc6680e7aed8ff8537040a2a27d3c1ee3e3229d88e
SHA512: 30144f1ad0b0967f29dc4628ef50485fff201234041fa4aba8fc55521ca10aa3b16f391c5c7332267438235985d9e703b6155c59b1c34f06dbb56ae0072899d9
SSDEEP: 3072:EnPhSvw5JB9goXOO8Ua7o+NbUmW8NUCABqJ+iS5xqlIJPZrn1c2x45Y/32kls5xi:EnPhtfBLOn7vNbUmnWqJt4xqlIld1XxJ
Score: 7/10
Signatures: none listed

Target: NetSyst81.dll
Size: 240KB
MD5: 0b156ec492ea45d282cf823415ecaf12
SHA1: 54ad711765e27f91a4d554e336e8a2bb04547f1d
SHA256: ac3b2cebb3f7a50fa237be97b07afa6f68be712e932f57074444e0c02e4d8342
SHA512: d29c4459ab65b42e5f31e0ecb2f077598cea177de1789fbc735e03089996f0891d9917b3c79573c2405302966f1d816a86b4698fca6891445866310871be2b60
SSDEEP: 6144:SSGAi+a1Bsf81KVv19XAzKd4hDfYlY1wtNesuNrGq:SRAiP1Bsf84tJdK2Yi7GEq
Score: 1/10
Signatures: none

Target: POP
Size: 1.3MB
MD5: 050f2541b0ff97734b066f33be89f53d
SHA1: a0ce2fa27c8ec790e62bf926560fe8c10956b737
SHA256: cb338967d877dff6129806568b7e201bba2b45da24943f1d5686d6b200670786
SHA512: 8b78e89dcedb1fa9e505e94084295c8d9872ef02008fc074e9f266272e9243b0936150579d3b652ee1a87e3ecc18b6b34243115bafd1dfc2b9b46073f6f329e3
SSDEEP: 24576:fAg0g+3YAqKbwt6Mleiv8x7HBruOmjqD0rV8T5KWs2/wgLg6Yvz1VVbBHpusVmMS:og01IAqHtZleikDuOGqYrVy5Kd2/hJYw
Score: 1/10
Signatures: none

Target: SAY123
Size: 551KB
MD5: a62bd401421253c27fc38aa8803f1451
SHA1: 955d7153ae275b3b1cbef1f6d9fedf463de06e08
SHA256: 977750a1f015f1ffa51edfeeae498a82e979b1644f70bec9170db96247c6e371
SHA512: 9137448dde857b2f2b74fbd4488c6d00cc275da57d542d88a3b785d97257c232231fa13e792a124fef7cc5fcc36a18f7c82504944f3c3b324d3f3186ac09fe3b
SSDEEP: 12288:/ocX0ds1H10GyzD9GCsQoD5umHxqKhHEwPTXdGFwMI:Qck61eGk9lzotuO1hHEwLHj
Score: 5/10
Signatures:
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: SAY456
Size: 639KB
MD5: 467771cc496a8764e143c772d3585072
SHA1: 3233613081abf60ebd8bb04a97c9d9eeded025df
SHA256: c453e0d47de8106884381fcc0db2bf7927f714fc480fe31356809fff629c8a33
SHA512: c5cfad7c857a377850398df29190522bac911271bed4b2f6d17f91522173834f17daa38c53bdeb7c82796384aa21ea149abe18639425920003076095d69b7e0f
SSDEEP: 12288:8Y62/fARweXwB5QXgn19w1k1a7s+95qXtPMZCLZZgyOQPAe5UyojTucN44XML:VdAywwBMgV1ux9cPM6LZJIu8N44o
Score: 8/10
Signatures:
- Writes DNS configuration: Writes data to DNS resolver config file.
- Reads CPU attributes
- Reads system network configuration: Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: TomDog_Result.html
Size: 704B
MD5: ad877860d464ab42abdd05de03866bd1
SHA1: bd2487ccb213802ff8f40e9632342ecd45324ff8
SHA256: c3d3c1612ed44202eaa7c64b69b07774e522e0d9125faa2dde0ada217440735f
SHA512: df90395c677840859d12b68b6b97fa646e8fceba8acf1ede661460167c342c09660e09add14eb091fe442edc44cd2e4b81e1ac03cf49ab78659678264b4eb08b
Score: 1/10
Signatures: none

Target: a06
Size: 611KB
MD5: 3c49b5160b981f06bd5242662f8d0a54
SHA1: c50933e1f8a194e608049839707d8d698dd5caa5
SHA256: c394440c56fdcda9739fbb966e9ac2eab9e11e2eeff0720eb4c850a05b33eefc
SHA512: d947f1ecfb10002bc05bb6d1786758dfecb9000b94140128ccc9a68bd3a032ccb7360f27a3f7f522df856b372691bde46792975f6ac82c6fa0218d38b0d8488e
SSDEEP: 12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Tikx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhkfNiGQl/91h
Score: 9/10
Signatures:
- Writes file to system bin folder
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: a07
Size: 611KB
MD5: bcb6b83a4e6e20ffe0ce3c750360ddf5
SHA1: d88755b78834e87418aa3cb3bfee5de5c378bd2f
SHA256: 61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521
SHA512: f3be44f45eb0c453192b0ddeb7d37f3335499b41b46cc3190e918ac2909f048b3857d2496ebd33fa79ddce4024a1b47a5e44867ff576c18eb998c7e4f87914ca
SSDEEP: 12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiZx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhZfNiGQl/91h
Score: 9/10
Signatures:
- Writes file to system bin folder
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: a08
Size: 611KB
MD5: a99c10cb9713770b9e7dda376cddee3a
SHA1: 1f1dd4d74eba8949fb1d2316c13f77b3ffa96f98
SHA256: 92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86
SHA512: 1d410a7259469a16a1599fb28cb7cd82813270a112055e4fbe28327735a2968affbfdcba0a2001d504919e5ef3b271f40c45da6291be9c5f97c278418b241b79
SSDEEP: 12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiOx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhOfNiGQl/91h
Score: 9/10
Signatures:
- Writes file to system bin folder
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: a09
Size: 611KB
MD5: d1b5b4b4b5a118e384c7ff487e14ac3f
SHA1: 038b7e9406fe5cb0a0be8f95ac935923c6d83c28
SHA256: 0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b
SHA512: 20885f782beeca1712924d6dec7fa474fb2fa7f926d7cbdbdd5f7fa18f6a3ac2bcd5dbd771a80c13c3403cbad05f2cda86ffefdc8170d6cc0f0b4b01a5baec74
SSDEEP: 12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiLx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhLfNiGQl/91h
Score: 9/10
Signatures:
- Writes file to system bin folder
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: a10
Size: 611KB
MD5: 83eea5625ca2affd3e841d3b374e88eb
SHA1: dca946f677a1be95fb3ef6adc950730b4736a405
SHA256: fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34
SHA512: a856a78004812a5aa75f52ecaa3690d5edfc98179b4c34f23434cd9d60e0a0ea7dc6e3ab30e311f7da088267de026552155c9a46cc3c3dda99544e67969e3a1c
SSDEEP: 12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Tipx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhpfNiGQl/91h
Score: 9/10
Signatures:
- Writes file to system bin folder
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder
- Reads runtime system information: Reads data from /proc virtual filesystem.
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: banner313.pl
Size: 26KB
MD5: c9553c06f2118d8c7cf8d641e306b17f
SHA1: b262a8f0fd3a8317087b25d069f47bae39c8a8a9
SHA256: d5f918b0d11d5674727ef7b11ece8bb93e8845a23ce471f6e8c700a608c85e26
SHA512: c9133726c2f7e7a13d9fe6af1cdb49d5fd6804949c4c6f486b46c3e2b48c017b554957ed4a7c6669f5f5d1fd39dcf77b7616c01496e021642e7418756cbfb1b2
SSDEEP: 384:8z9Yikph+AaZKmalkVQmjthmft1wVSE4ol6/c50Ilmu6ovAwfJ:s9nkph+0RkV/qPwVSvzIlOx+
Score: 1/10
Signatures: none

Target: f.sh
Size: 518B
MD5: cac62e5664152a357145747ba5dbe0a2
SHA1: 8402c68d0b57b04eb19f52c18fc57edbe716f0da
SHA256: 919bce738726efdfd08aa43552e095851c52c7452ef4c6c03d2b4c08cbceda76
SHA512: 6e19b9dbf0e3cff0397c6cdf1774bdd08070b509be2520c32a3148daa0211cf74a728f2e163199e789d5bbead4f9cd246853483e65526ddef1b14a62bdb6d52f
Score: 5/10
Signatures:
- Writes file to tmp directory: Malware often drops required files in the /tmp directory.

Target: g3m.pl
Size: 9KB
MD5: 2e455776b59e5005f5a0d8bf894d5577
SHA1: 55dc947790e180564247d8573211dc413996a142
SHA256: f2585f17a1dc14c15de5ef5d7964c3d64a29825450ae76b8124448258f99b397
SHA512: 3d4818d9e7444aadef5d634ff131ac658a087d6f52f045b15037ec49e03189325035fd815f31024436ea786ac64344386bf33319152b264bc99046d9fff89be2
SSDEEP: 96:3N+3KCnHmzxq1eqRUSdC10Wpv84uip83Ik37xzni/YS2s/bCbeCbovm:s3Czxq1eFPGZ4oYMQYSNzCbeCbovm
Score: 1/10
Signatures: none