hxxps://github[.]com/enforcer-pro/ddostor | Triage

Resubmissions

18-04-2024 20:25

240418-y7llksfb61 7

18-04-2024 20:23

240418-y6dvcafb3z 7

18-04-2024 20:21

240418-y5cwnadh36 6

18-04-2024 20:18

240418-y3rxssfa7s 6

18-04-2024 20:16

240418-y169psdg36 6

18-04-2024 20:12

240418-yy98ksdf74 6

Sharing

General

Target

https://github.com/enforcer-pro/ddostor
Sample

240418-y7llksfb61

Score

7^/10

antivm linux spyware stealer

Malware Config

Targets

- Target
  
  https://github.com/enforcer-pro/ddostor
Score

7^/10

antivm spyware stealer
- Changes its process name
- Reads user data of web browsers
  Reads stored browser data which can include saved credentials.
  spyware stealer
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Legitimate hosting services abused for malware hosting/C2
- Reads CPU attributes
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

Impact

Resource Development

Reconnaissance

Tasks

static1

urlscan1

behavioral1

antivmspywarestealer

behavioral2

behavioral3

behavioral4