Resubmissions

20-04-2023 08:22

230420-j9pnpaae8s 10

20-04-2023 08:22

230420-j9pcxsge73 10

15-03-2023 12:40

230315-pwcd4afc4t 10

15-03-2023 12:39

230315-pvsdxsdb55 10

13-03-2023 14:43

230313-r3ya9aag67 10

24-08-2021 03:35

210824-ycawpc5ms2 9

General

  • Target

    nyynvefzjerks

  • Size

    546KB

  • Sample

    230420-j9pnpaae8s

  • MD5

    2a91a3170a5fd4fb3e30f3d63b9120de

  • SHA1

    1a7a226833f43fdaee71cb6f84914f9a1e87de81

  • SHA256

    c9bd6d01eb7258fef88ec5c9276431c1db45f063b316f83943e45b6a40a76783

  • SHA512

    2d396f7fd0e661a2f15a1f0dc51341b89d9b28f6742a4bdfb7fe9115c5c7b44d9b8ac6e1c5e492f5971c2f9595f17c4154d979f7183df23d8f52ab0e24834d3f

  • SSDEEP

    12288:D3P1A0+Kvdnd4Asvhc27/ao+PzENGtkZg0/CedRlZRqR6ysen:Dfm0+KlZsJc27io2zYGtk20/LdF0+8

Malware Config

Extracted

Family

xorddos

C2

topbannersun.com:5993

wowapplecar.com:5993

Attributes
  • crc_polynomial

    CDB88320

xor.plain

Targets

    • Target

      nyynvefzjerks

    • Size

      546KB

    • MD5

      2a91a3170a5fd4fb3e30f3d63b9120de

    • SHA1

      1a7a226833f43fdaee71cb6f84914f9a1e87de81

    • SHA256

      c9bd6d01eb7258fef88ec5c9276431c1db45f063b316f83943e45b6a40a76783

    • SHA512

      2d396f7fd0e661a2f15a1f0dc51341b89d9b28f6742a4bdfb7fe9115c5c7b44d9b8ac6e1c5e492f5971c2f9595f17c4154d979f7183df23d8f52ab0e24834d3f

    • SSDEEP

      12288:D3P1A0+Kvdnd4Asvhc27/ao+PzENGtkZg0/CedRlZRqR6ysen:Dfm0+KlZsJc27io2zYGtk20/LdF0+8

    Score
    9/10
    • Writes file to system bin folder

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to shm directory

      Malware can drop malicious files in the shm directory which will run directly from RAM.

MITRE ATT&CK Enterprise v6

Tasks