General

  • Target: malware.zip
  • Size: 1.0MB
  • Sample: 230513-e6cgqsfe46
  • MD5: f22982d387ab614c0a8733ddccca20a1
  • SHA1: 7dc39f6ff061315f58aa297e08874c902546f63c
  • SHA256: a40d947d6a1d92c2789968ce0d2e6eb1734e248e2d30828c61a41f4ac840e8a0
  • SHA512: f606cc5b3e171346b5e311c720521002c7ffc966fc9777b5e203dc26df8bab0f1aafcd8b4fbdf5a77840c065d58908274f74f87099c4a850c909569d3f627c13
  • SSDEEP: 24576:TXvxkvADC8MtLkENh7YAVVVj8jvDgaTDvw5zj2ApS:WvADitLkQYAVVh8jUa8j2B

Malware Config

Extracted

  • Family: xorddos
  • C2:
      http://aa.hostasa.org/config.rar
      cdn.cloud2cdn.com:8080
  • Attributes
      crc_polynomial: EDB88320
  • xor.plain

Extracted

  • Family: blackmatter
  • Version: 1.6.0.2
  • Botnet: bab21ee475b52c0c9eb47d23ec9ba1d1
  • C2:
      http://paymenthacks.com
      http://mojobiden.com
  • rsa_pubkey.plain
  • aes.plain

Targets

    • Target: 1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72.elf
    • Size: 611KB
    • MD5: e7a3aa891e550834f9af4367a564e468
    • SHA1: 38962368d0b3ea97126372410b101a19c8130532
    • SHA256: 1e87a5dba16588bf91144de1b34a524bc70c39c88bca63f79dd95d3087253d72
    • SHA512: 7f5257d7316a864f63ee2b8fed51f97d55ad1b5c1db458a93a57b0cfde0694ff186ef576f9e8c76c96721def61877a0072c51ca7bf5dc5b1dd0b097135c2e9da
    • SSDEEP: 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrUT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNUBVEBl/91h
    • XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
    • XorDDoS payload

    • Target: 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502.elf
    • Size: 2.0MB
    • MD5: 3f9a28e8c057e7ea7ccf15a4db81f362
    • SHA1: 10d6d3c957facf06098771bf409b9593eea58c75
    • SHA256: 6a7b7147fea63d77368c73cef205eb75d16ef209a246b05698358a28fd16e502
    • SHA512: 58a71aeac247d206f023ee29aff81026881e41d3fbd268f7513e3bcd951701a68502361dd717befa79a094eb9fc0caaa9f8770ba83f5c94a8acb9ae0986ee386
    • SSDEEP: 49152:k5Wy/20shMXR8uUz9cBbLc/6LCM01iNFFB9wO:k5Wy//sO8uDq6
    • Score: 3/10

    • Target: 99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7.sh
    • Size: 12KB
    • MD5: 814e7f7f32964cbf5ec91dbb56768da8
    • SHA1: be5af1cfa10cee0f20bc725f75cc05ff98278d11
    • SHA256: 99296550ab836f29ab7b45f18f1a1cb17a102bb81cad83561f615f3a707887d7
    • SHA512: d160c2b19132699182d63c1093b7c67a7222ea3cfd01cc56e4aaf63a04f0e2c0fede58c3bd42fa24f3a2049858fda34a447b7982adcd97795170ee9f6acb4f61
    • SSDEEP: 384:/HebVBNfm1BjfeWBJfiL8EqQusxxlfZrDSYUip2lMeIKBIpcLGcl15D64X:fQ3O1FGWLKAEqpGrDSYfp2lMehu6Ga1B
    • Score: 3/10

MITRE ATT&CK Matrix ATT&CK v6

Discovery

  • System Information Discovery (T1082): 6
  • Query Registry (T1012): 6

Tasks