xorddos | 8e996db5961bec2587b92b94e946d2b58230187426757f199ca99b59074d6391

Analysis

max time kernel
36s
max time network
67s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20231026-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20231026-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
31-10-2023 02:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
Size

611KB
MD5

85682d3effdb2d559fd84df491e9461a
SHA1

2fb53f36a77339e1dd8458dd3fe561355de76211
SHA256

3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba
SHA512

f4cb94b160ed93d57b05d151c949c4dfd3a8b44d45af6d9432d2a9f1fafc02dec4e66d4f3cbdeeba16c769fc97b4f48a611aa92f653b1aa8f07b90d876168a86
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrryT6yF8EEP4UlUuTh1Ae:FBXmkN/+Fhu/Qo4h9L+zNNyBVEBl/91f

Score

10^/10

xorddos antivm botnet downloader persistence

Malware Config

Extracted

Family

xorddos

http://www1.gggatat456.com/dd.rar

ppp.gggatat456.com:1525

ppp.xxxatat456.com:1525

p5.dddgata789.com:1525

p5.lpjulidny7.com:1525

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 20 IoCs

resource	yara_rule
behavioral1/files/fstream-6.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos
behavioral1/files/fstream-22.dat	family_xorddos
behavioral1/files/fstream-23.dat	family_xorddos
behavioral1/files/fstream-24.dat	family_xorddos
behavioral1/files/fstream-25.dat	family_xorddos

Executes dropped EXE 24 IoCs

ioc	pid	Process
/usr/bin/ysqvxilkdt	1522	ysqvxilkdt
/usr/bin/ysqvxilkdt	1527	ysqvxilkdt
/usr/bin/ysqvxilkdt	1548	ysqvxilkdt
/usr/bin/ysqvxilkdt	1550	ysqvxilkdt
/usr/bin/ysqvxilkdt	1552	ysqvxilkdt
/usr/bin/tbgqjvshmi	1555	tbgqjvshmi
/usr/bin/tbgqjvshmi	1558	tbgqjvshmi
/usr/bin/tbgqjvshmi	1561	tbgqjvshmi
/usr/bin/tbgqjvshmi	1564	tbgqjvshmi
/usr/bin/tbgqjvshmi	1567	tbgqjvshmi
/usr/bin/cxgllgketf	1570	cxgllgketf
/usr/bin/cxgllgketf	1573	cxgllgketf
/usr/bin/cxgllgketf	1576	cxgllgketf
/usr/bin/cxgllgketf	1579	cxgllgketf
/usr/bin/cxgllgketf	1582	cxgllgketf
/usr/bin/khwoygvvps	1585	khwoygvvps
/usr/bin/khwoygvvps	1588	khwoygvvps
/usr/bin/khwoygvvps	1591	khwoygvvps
/usr/bin/khwoygvvps	1594	khwoygvvps
/usr/bin/khwoygvvps	1597	khwoygvvps
/usr/bin/kvekakobhf	1600	kvekakobhf
/usr/bin/kvekakobhf	1603	kvekakobhf
/usr/bin/kvekakobhf	1606	kvekakobhf
/usr/bin/kvekakobhf	1609	kvekakobhf

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc
File opened for reading	/proc/cpuinfo

Creates/modifies Cron job 1 TTPs 2 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

persistence

Scheduled Task/Job

T1053

description	ioc	Process
File opened for modification	/etc/cron.hourly/gcc.sh	Process not Found
File opened for modification	/etc/crontab	sh

Modifies init.d 1 TTPs 1 IoCs

Adds/modifies system service, likely for persistence.

persistence

Boot or Logon Autostart Execution

T1547

description	ioc
File opened for modification	/etc/init.d/3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf

Write file to user bin folder 1 TTPs 5 IoCs

Hijack Execution Flow

T1574

description	ioc
File opened for modification	/usr/bin/cxgllgketf
File opened for modification	/usr/bin/khwoygvvps
File opened for modification	/usr/bin/kvekakobhf
File opened for modification	/usr/bin/ysqvxilkdt
File opened for modification	/usr/bin/tbgqjvshmi

Reads runtime system information 10 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/stat	Process not Found
File opened for reading	/proc/filesystems	systemctl
File opened for reading	/proc/self/stat	systemctl
File opened for reading	/proc/1/environ	systemctl
File opened for reading	/proc/cmdline	systemctl
File opened for reading	/proc/meminfo	Process not Found
File opened for reading	/proc/rs_dev	Process not Found
File opened for reading	/proc/sys/kernel/osrelease	systemctl
File opened for reading	/proc/1/sched	systemctl
File opened for reading	/proc/filesystems	sed

/tmp/3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
/tmp/3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1509

/bin/chkconfig
chkconfig --add 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1512

/sbin/chkconfig
chkconfig --add 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1512

/usr/bin/chkconfig
chkconfig --add 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1512

/usr/sbin/chkconfig
chkconfig --add 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1512

/usr/local/bin/chkconfig
chkconfig --add 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1512

/usr/local/sbin/chkconfig
chkconfig --add 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1512

/usr/X11R6/bin/chkconfig
chkconfig --add 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf
1⤵
PID:1512

/bin/sh
sh -c "sed -i '/\\/etc\\/cron.hourly\\/gcc.sh/d' /etc/crontab && echo '*/3 * * * * root /etc/cron.hourly/gcc.sh' >> /etc/crontab"
1⤵
- Creates/modifies Cron job
PID:1515
- /bin/sed
  sed -i "/\\/etc\\/cron.hourly\\/gcc.sh/d" /etc/crontab
  2⤵
  - Reads runtime system information
  PID:1516

/bin/update-rc.d
update-rc.d 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf defaults
1⤵
PID:1514

/sbin/update-rc.d
update-rc.d 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf defaults
1⤵
PID:1514

/usr/bin/update-rc.d
update-rc.d 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf defaults
1⤵
PID:1514

/usr/sbin/update-rc.d
update-rc.d 3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf defaults
1⤵
PID:1514
- /bin/systemctl
  systemctl daemon-reload
  2⤵
  - Reads runtime system information
  PID:1521

/usr/bin/ysqvxilkdt
/usr/bin/ysqvxilkdt "cd /etc" 1510
1⤵
- Executes dropped EXE
PID:1522

/usr/bin/ysqvxilkdt
/usr/bin/ysqvxilkdt "cat resolv.conf" 1510
1⤵
- Executes dropped EXE
PID:1527

/usr/bin/ysqvxilkdt
/usr/bin/ysqvxilkdt gnome-terminal 1510
1⤵
- Executes dropped EXE
PID:1548

/usr/bin/ysqvxilkdt
/usr/bin/ysqvxilkdt "netstat -an" 1510
1⤵
- Executes dropped EXE
PID:1550

/usr/bin/ysqvxilkdt
/usr/bin/ysqvxilkdt bash 1510
1⤵
- Executes dropped EXE
PID:1552

/usr/bin/tbgqjvshmi
/usr/bin/tbgqjvshmi "ps -ef" 1510
1⤵
- Executes dropped EXE
PID:1555

/usr/bin/tbgqjvshmi
/usr/bin/tbgqjvshmi uptime 1510
1⤵
- Executes dropped EXE
PID:1558

/usr/bin/tbgqjvshmi
/usr/bin/tbgqjvshmi su 1510
1⤵
- Executes dropped EXE
PID:1561

/usr/bin/tbgqjvshmi
/usr/bin/tbgqjvshmi bash 1510
1⤵
- Executes dropped EXE
PID:1564

/usr/bin/tbgqjvshmi
/usr/bin/tbgqjvshmi "netstat -antop" 1510
1⤵
- Executes dropped EXE
PID:1567

/usr/bin/cxgllgketf
/usr/bin/cxgllgketf ifconfig 1510
1⤵
- Executes dropped EXE
PID:1570

/usr/bin/cxgllgketf
/usr/bin/cxgllgketf "route -n" 1510
1⤵
- Executes dropped EXE
PID:1573

/usr/bin/cxgllgketf
/usr/bin/cxgllgketf "grep \"A\"" 1510
1⤵
- Executes dropped EXE
PID:1576

/usr/bin/cxgllgketf
/usr/bin/cxgllgketf "grep \"A\"" 1510
1⤵
- Executes dropped EXE
PID:1579

/usr/bin/cxgllgketf
/usr/bin/cxgllgketf "ls -la" 1510
1⤵
- Executes dropped EXE
PID:1582

/usr/bin/khwoygvvps
/usr/bin/khwoygvvps whoami 1510
1⤵
- Executes dropped EXE
PID:1585

/usr/bin/khwoygvvps
/usr/bin/khwoygvvps su 1510
1⤵
- Executes dropped EXE
PID:1588

/usr/bin/khwoygvvps
/usr/bin/khwoygvvps who 1510
1⤵
- Executes dropped EXE
PID:1591

/usr/bin/khwoygvvps
/usr/bin/khwoygvvps "cat resolv.conf" 1510
1⤵
- Executes dropped EXE
PID:1594

/usr/bin/khwoygvvps
/usr/bin/khwoygvvps who 1510
1⤵
- Executes dropped EXE
PID:1597

/usr/bin/kvekakobhf
/usr/bin/kvekakobhf su 1510
1⤵
- Executes dropped EXE
PID:1600

/usr/bin/kvekakobhf
/usr/bin/kvekakobhf "sleep 1" 1510
1⤵
- Executes dropped EXE
PID:1603

/usr/bin/kvekakobhf
/usr/bin/kvekakobhf "cd /etc" 1510
1⤵
- Executes dropped EXE
PID:1606

/usr/bin/kvekakobhf
/usr/bin/kvekakobhf su 1510
1⤵
- Executes dropped EXE
PID:1609

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Hijack Execution Flow

T1574

Scheduled Task/Job

T1053

Defense Evasion

Hijack Execution Flow

T1574

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba.elf

Filesize
605B

MD5
422d14188d05ccccbd7d6c01b3a633fc

SHA1
cfc080d110a8c19b65554fa4779537a769353504

SHA256
f396b4e2dc56426e0b65860d408c989dd09e732c953a4be2ea235c6a040fade2

SHA512
44fa90ca306668779a441cfc1344eb18ded225a4e72011cac0b8f90e1326724ea977c24f4bd173d2c9bacb02fef8369ccd2f94e4c3c84ba1d2966c79b3e4a3e8

Download Submit
/etc/sedRyibT3

Filesize
722B

MD5
8f111d100ea459f68d333d63a8ef2205

SHA1
077ca9c46a964de67c0f7765745d5c6f9e2065c3

SHA256
0e5c204385b21e15b031c83f37212bf5a4ee77b51762b7b54bd6ad973ebdf354

SHA512
d81767b47fb84aaf435f930356ded574ee9825ec710a2e7c26074860d8a385741d65572740137b6f9686c285a32e2951ca933393b266746988f1737aad059adb

Download Submit
/lib/libudev.so

Filesize
212KB

MD5
c917cc05dd2cd5986efd86826026e3d6

SHA1
7e8987270d63847a7a74db8d5042b5b471c4248e

SHA256
cdb38a669a92126810ac65d5a29e30f60eaf73aca09f896c8cd4a48f69b63da9

SHA512
cfda718f8ff85191a8a4c0a4dcc529404b9c2c599df3afe279c56b303946687a62b45f382473d4ea51fb302e77e78800c06629ca07fd8e8cc653535dd8792b8c

Download Submit
/lib/libudev.so

Filesize
611KB

MD5
85682d3effdb2d559fd84df491e9461a

SHA1
2fb53f36a77339e1dd8458dd3fe561355de76211

SHA256
3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba

SHA512
f4cb94b160ed93d57b05d151c949c4dfd3a8b44d45af6d9432d2a9f1fafc02dec4e66d4f3cbdeeba16c769fc97b4f48a611aa92f653b1aa8f07b90d876168a86

Download Submit
/run/gcc.pid

Filesize
32B

MD5
9fb71adf93363595b6864b979153a30b

SHA1
b2e335c0b43e55ac3dcbaf7e6f714709a439e918

SHA256
1a267c4ba6cb99c4e0000a5e7102b52ff2a88d50f4cbaf0fc4f075ad74ccc0cd

SHA512
d2b67d626465ba9d190be86b6cca723341fa65427e19d4cca8fcb5601bdee6fe4c52de015d157859ce9f75d1ae96b254c9bb30fbd60120ad6d7227c68e9a93aa

Download Submit
/usr/bin/cxgllgketf

Filesize
611KB

MD5
85682d3effdb2d559fd84df491e9461a

SHA1
2fb53f36a77339e1dd8458dd3fe561355de76211

SHA256
3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba

SHA512
f4cb94b160ed93d57b05d151c949c4dfd3a8b44d45af6d9432d2a9f1fafc02dec4e66d4f3cbdeeba16c769fc97b4f48a611aa92f653b1aa8f07b90d876168a86

Download Submit
/usr/bin/cxgllgketf

Filesize
611KB

MD5
3a0f8fc6ee6062438c364ebac1a3a8b4

SHA1
f56aa38a28272f1258fbcb2800a730e0279e8e4b

SHA256
b53d82fff0c9d57c50e2199ccf54e0feede3f84ef3a28219c75ea81ec22fa534

SHA512
a45d5389b12f54ae4745187651f9b0d6715c75543835cfc4e43bb9242e6bb34f156e93da109167cf91dac3661bc8cd95419f5cf779198d19fb46e29dbba87cd2

Download Submit
/usr/bin/cxgllgketf

Filesize
611KB

MD5
e7772d616d81fad9ad49be6f409d09dc

SHA1
f2b71721be2edeb2beee441c7d7bc40a80641aab

SHA256
775d2867ff579e3bc77859afd060b636a6772dd0c478c805d33a4ddcaebe956a

SHA512
73e0959341f263b1d68778d26422dff64c0f4e34f34b17b3e44f3424c54cca751ec2071bd28fd01f6313055afcb5cacd115359cdfae1cb3b69e5dea1454858b3

Download Submit
/usr/bin/khwoygvvps

Filesize
611KB

MD5
85682d3effdb2d559fd84df491e9461a

SHA1
2fb53f36a77339e1dd8458dd3fe561355de76211

SHA256
3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba

SHA512
f4cb94b160ed93d57b05d151c949c4dfd3a8b44d45af6d9432d2a9f1fafc02dec4e66d4f3cbdeeba16c769fc97b4f48a611aa92f653b1aa8f07b90d876168a86

Download Submit
/usr/bin/khwoygvvps

Filesize
611KB

MD5
12fc4302686cb4567e3946f6651d8a70

SHA1
29e7d045cfd9d621632e80513a37fb5d023f5e4d

SHA256
cadc58f61acc2381707b6c988f2cca603eaf2be1b3f38bb1ec32e6e2f74af069

SHA512
7fdd844355fc2b685627e95e28eeb48bcf49c9927e9e6e2a475a448ea4fd796547535357b6a173c8394a4308cc9121860b94b6fe69dac5279414f2915dbd16da

Download Submit
/usr/bin/khwoygvvps

Filesize
611KB

MD5
2ef3020eb33838ed7481c7bf3bbd22d9

SHA1
e18c09e43ca9f9ec262f16b235fe8ad0b17b0d31

SHA256
43701fa89be1dc286ca93fac7df84d3a21d0db2b24337647e67428c50bd4e522

SHA512
524176723f2e8f01d5cc0d66af5543878bf636ff61918f7dc3f9016ceab5cddc90f0990e7ff60c6a40ca13f93aec65beec145f43334970d50a55651d7526e104

Download Submit
/usr/bin/kvekakobhf

Filesize
611KB

MD5
85682d3effdb2d559fd84df491e9461a

SHA1
2fb53f36a77339e1dd8458dd3fe561355de76211

SHA256
3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba

SHA512
f4cb94b160ed93d57b05d151c949c4dfd3a8b44d45af6d9432d2a9f1fafc02dec4e66d4f3cbdeeba16c769fc97b4f48a611aa92f653b1aa8f07b90d876168a86

Download Submit
/usr/bin/kvekakobhf

Filesize
611KB

MD5
ff31f2723345dce064fc22b4395e4c7b

SHA1
d51a6ab255ae24c659960fd1123c498f7b455ae4

SHA256
a7ce9eebb7d1cb902f36650d3724de6079fedd8a9a676055acac62a87c2baf92

SHA512
709a4f6e8d8c5c1682e083caa77ad8351c517b18821a9aba29384752f72fc836b076ae227128f0657f9f278cb826bc5b7090cd2ccfaddb4a3bb919dbca5744a9

Download Submit
/usr/bin/kvekakobhf

Filesize
611KB

MD5
19ad13b1fbf518dd4ebbe8a3a6d1e354

SHA1
5d288800ba8c452d967d01ce8e55ed7d39767563

SHA256
638c3b2f4ca524e2a577df798b429228049cedb1854646c559243bcbe1b8e7b0

SHA512
02bfc04957ce2bcbcc994ccec7efd2ae5f86a9f60dfa670c2bfa9f2fcb13a66de4bcae682388aaef12b0902efbba4615668abfe80185e8f499736d4db9439aac

Download Submit
/usr/bin/tbgqjvshmi

Filesize
611KB

MD5
85682d3effdb2d559fd84df491e9461a

SHA1
2fb53f36a77339e1dd8458dd3fe561355de76211

SHA256
3a8a11b60fd8e2f93d29fb46cdda68fd404b06147a7c717d3619b088e39875ba

SHA512
f4cb94b160ed93d57b05d151c949c4dfd3a8b44d45af6d9432d2a9f1fafc02dec4e66d4f3cbdeeba16c769fc97b4f48a611aa92f653b1aa8f07b90d876168a86

Download Submit
/usr/bin/tbgqjvshmi

Filesize
611KB

MD5
29c71f1998529a5604c6a0c03d1a6805

SHA1
6c7888788bf4991ed15b9de3709c92fd0a63b089

SHA256
cf69e2feb0adf2adb265ec3956ce96d05b66422790cc1f55e70d4442e56755f8

SHA512
4b2ac57bdc375b6e1918a5877999df1294a78a8e787c072e42f4d21ffde4baca8da18bec1f1d084daf201b4f3d1598aaae34e7e0af23d5439e8115b825718810

Download Submit
/usr/bin/tbgqjvshmi

Filesize
611KB

MD5
97623aec9d7cb57dd052d99e279ce0ce

SHA1
2a7b3420be737bcb994af924a168e15e03507af2

SHA256
1c9f58b12c85b9f4fad1e1fbfc841f9f26f818cbaa95eb2c2ad90c51358eddbf

SHA512
3f61b06248b68f5a041a026029a49e9bd89a6beaf0e88154c412b3dd75e902fc038c2137480421c0718e075e1d06e342bdcc9dfdc81082c5ec831a3eb540930c

Download Submit
/usr/bin/ysqvxilkdt

Filesize
212KB

MD5
b4408e212c673ad160f5e8f6c577d362

SHA1
326d124d233d6848b5671753f6ec17700b258e74

SHA256
5d8252129bb2477f567be9993dc825539899348fe6d87f8a5c077075ae6a1172

SHA512
1c0e0fa2c6cb96d223aff816cd223a53f6a62c3ee789f1221ca7d71507d6166ce70faa4b3b32413927b0247523196b1472f3cd0154c668e025404979268b5b93

Download Submit
/usr/bin/ysqvxilkdt

Filesize
212KB

MD5
70ddef4a077d8f9f17824530236fb7ce

SHA1
c77e45230770ce68852e0587c90bfa3f04ef982b

SHA256
049354c18d5472585c5b05a1be3667c27262dd60ff3727f47d158018f3d97bb3

SHA512
4e91c137637d6fef0dbe06e824335a95a7faf12434d00eb88ff8524c79c84b90e9769e654e0bc33fd817c2bca7b88f23651fe6e968fd0620ecabc5baf6e163f8

Download Submit
/usr/bin/ysqvxilkdt

Filesize
212KB

MD5
4ce467b779d35ca2d20a24848a496a07

SHA1
02cbb8212ec2b6fe899366e68049359777121289

SHA256
d7107ea2fee7d29466f665e36a2c1652a6e860e0097bdd36a2777f2020ed69ba

SHA512
8d33de4c1e2bee76135a12d1b92e0905f2fb5590183eadc9e5459ec8d15c45ef9ec3451a47ffeaea4cf7501406a629d8f419fe41f4445ef8b64ddbd5cbc554ab

Download Submit
/usr/bin/ysqvxilkdt

Filesize
212KB

MD5
1fa4d56fa65eb8d633acd270ac9b40dc

SHA1
712f65bd7770be796c9fbbfddadb287f1ad212c5

SHA256
5bfa7d7b65b97f19f475dc475d665d285c47b53e8e60cdb982fd3c2fbccbdcd7

SHA512
767a5b10d88a03c6dbea8687912a279f53a2602129dd7e99a67e577513e1e38660e5cbb03c62f725eeac4da095320f53b5628ae408972f682c75411c70e8e33e

Download Submit
/usr/bin/ysqvxilkdt

Filesize
212KB

MD5
c917cc05dd2cd5986efd86826026e3d6

SHA1
7e8987270d63847a7a74db8d5042b5b471c4248e

SHA256
cdb38a669a92126810ac65d5a29e30f60eaf73aca09f896c8cd4a48f69b63da9

SHA512
cfda718f8ff85191a8a4c0a4dcc529404b9c2c599df3afe279c56b303946687a62b45f382473d4ea51fb302e77e78800c06629ca07fd8e8cc653535dd8792b8c

Download Submit
/usr/bin/ysqvxilkdt

Filesize
212KB

MD5
4418214fd777fe50f1214dd89d4a9b2c

SHA1
87cb79c75610d0dd996706c431ea6716e198f79d

SHA256
1bd3b6e6fd5609d681f335a6b6a317ccdf3ec2b15494cbf2b94381fb93c2972e

SHA512
47111118fc1a8c6705bfe71011f124a72affb5c0a35114f6b4b779fc1329500a9a0d2d51d5553e8eba50873bd4e67543025ac5a7d920b38c1214e073b3d3e8a9

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads