General
-
Target
c28220e17321c219bc9799b98b861748
-
Size
247KB
-
Sample
240312-fmkvfahb2z
-
MD5
c28220e17321c219bc9799b98b861748
-
SHA1
5141c8bcdd85093350b5d3026ee0768186b11def
-
SHA256
598d7c33cab88b9b475f822ecca744be2fea7fdd9b643c3060992d9b94667eda
-
SHA512
ecc7fccc3297847032f32334c7e8720226e7c45bc3d8c70fff41b3ac1321bfbce7f122904b490b0da6c331eec64421aabf4abf90fa045a17524dc5db8a7eda68
-
SSDEEP
6144:JSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCDx/mqYs:YZRgUY/fsJcO1KOiXGes
Behavioral task
behavioral1
Sample
c28220e17321c219bc9799b98b861748
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Extracted
xorddos
-
crc_polynomial
EDB88320
Targets
-
Target
c28220e17321c219bc9799b98b861748
-
Score
10/10
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-