xorddos | 0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
07-09-2024 10:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

d1b5b4b4b5a118e384c7ff487e14ac3f_JaffaCakes118
Size

611KB
MD5

d1b5b4b4b5a118e384c7ff487e14ac3f
SHA1

038b7e9406fe5cb0a0be8f95ac935923c6d83c28
SHA256

0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b
SHA512

20885f782beeca1712924d6dec7fa474fb2fa7f926d7cbdbdd5f7fa18f6a3ac2bcd5dbd771a80c13c3403cbad05f2cda86ffefdc8170d6cc0f0b4b01a5baec74
SSDEEP

12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiLx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhLfNiGQl/91h

Score

10^/10

xorddos botnet discovery downloader execution persistence privilege_escalatio rootkit

Malware Config

Extracted

Family

xorddos

http://aa.hostasa.org/game.rar

ns3.hostasa.org:3309

ns4.hostasa.org:3309

ns1.hostasa.org:3309

ns2.hostasa.org:3309

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 31 IoCs

resource	yara_rule
behavioral1/files/fstream-6.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos
behavioral1/files/fstream-22.dat	family_xorddos
behavioral1/files/fstream-23.dat	family_xorddos
behavioral1/files/fstream-24.dat	family_xorddos
behavioral1/files/fstream-25.dat	family_xorddos
behavioral1/files/fstream-26.dat	family_xorddos
behavioral1/files/fstream-27.dat	family_xorddos
behavioral1/files/fstream-28.dat	family_xorddos
behavioral1/files/fstream-29.dat	family_xorddos
behavioral1/files/fstream-30.dat	family_xorddos
behavioral1/files/fstream-31.dat	family_xorddos
behavioral1/files/fstream-32.dat	family_xorddos
behavioral1/files/fstream-33.dat	family_xorddos
behavioral1/files/fstream-34.dat	family_xorddos
behavioral1/files/fstream-35.dat	family_xorddos
behavioral1/files/fstream-36.dat	family_xorddos

Writes memory of remote process 2 IoCs

pid	Process
2486	d1b5b4b4b5a118e384c7ff487e14ac3f_JaffaCakes118
2495	Process not Found

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2486	d1b5b4b4b5a118e384c7ff487e14ac3f_JaffaCakes118
2487	Process not Found
2492	Process not Found
2487	Process not Found
2496	Process not Found
2495	Process not Found
2487	Process not Found
2497	Process not Found
2499	Process not Found
2501	Process not Found
2503	Process not Found
2510	Process not Found
2505	Process not Found
2511	Process not Found
2507	Process not Found
2517	Process not Found
2532	Process not Found
2551	Process not Found
2495	Process not Found
2495	Process not Found
2487	Process not Found
2487	Process not Found
2510	Process not Found
2510	Process not Found
2511	Process not Found
2511	Process not Found
2517	Process not Found
2517	Process not Found
2532	Process not Found
2532	Process not Found
2551	Process not Found
2551	Process not Found
2495	Process not Found
2495	Process not Found
2510	Process not Found
2510	Process not Found
2511	Process not Found
2511	Process not Found
2517	Process not Found
2517	Process not Found
2532	Process not Found
2532	Process not Found
2551	Process not Found
2551	Process not Found
2495	Process not Found
2495	Process not Found
2510	Process not Found
2510	Process not Found
2511	Process not Found
2511	Process not Found
2517	Process not Found
2517	Process not Found
2532	Process not Found
2532	Process not Found
2551	Process not Found
2551	Process not Found
2495	Process not Found
2495	Process not Found
2510	Process not Found
2510	Process not Found
2511	Process not Found
2511	Process not Found
2517	Process not Found
2517	Process not Found

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

execution persistence privilege_escalatio

Cron

T1053.003

description	ioc	Process
File opened for modification	/etc/crontab	d1b5b4b4b5a118e384c7ff487e14ac3f_JaffaCakes118

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	systemctl

/tmp/d1b5b4b4b5a118e384c7ff487e14ac3f_JaffaCakes118
/tmp/d1b5b4b4b5a118e384c7ff487e14ac3f_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
- Creates/modifies Cron job
PID:2486
- /bin/sed
  sed -i "/\\/etc\\/cron.hourly\\/gcc.sh/d" /etc/crontab
  2⤵
  - Reads runtime system information
  PID:2494
- /bin/systemctl
  systemctl daemon-reload
  2⤵
  - Reads runtime system information
  PID:2508

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

T1053.003

Persistence

Scheduled Task/Job

T1053

Cron

T1053.003

Privilege Escalation

Scheduled Task/Job

T1053

Cron

T1053.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/crontab

Filesize
1KB

MD5
f85f0a4cb1d0da23b7e8e4a80a5a9f59

SHA1
f7b9ebeb87ee01c0caa97df076e6420f5e5c66a9

SHA256
696de2ac7d880173f049febcf30288e8f77b4ff54baf7ea70ef1261a3bbe5d97

SHA512
a770f7e2a0ce96ef084c9baf845148950ec23bd7a1e99d23438ff7872cfc039db690b10884e979de8aef200abde73ac5f69c9ce0cd7800ccda0b0ef0640eb27d

Download Submit
/etc/init.d/d1b5b4b4b5a118e384c7ff487e14ac3f_JaffaCakes118

Filesize
495B

MD5
05288a70026ef78e39a07920003b9778

SHA1
31291af7fd26424d484b94580c2718ce680600e8

SHA256
81b36712e04f15a00c79632401f546401a343627eea28b92a7e1641cf390c638

SHA512
c835dcdd9db26b51dfab7bf58e901f7665765cfbc23ada2e59401d1572d0d79d75bea108cc2da0618c7562e9d07964943940946399691574bed74be88bc701ee

Download Submit
/etc/sed1kabyA

Filesize
1KB

MD5
85f7ff2020ac8c72212f076ddf33c0be

SHA1
df06ddd9c29e8da5cff1aa356e9529336573422f

SHA256
ffb48ad57868ed639fad049d11ef4b9bcdd3d2d3e556754ce69b4d6b016969a3

SHA512
d7e2d6116adbe768dd078b490575f7757c0e98859a96d280756446bd7e6bf46e24381b0cf86bf5ae3eb4e15bb3743a34cf910f30dd27888de4c5d12bc0a7ea00

Download Submit
/run/gcc.pid

Filesize
32B

MD5
748e5cff7d0b979778c00e491760950c

SHA1
c185dcbaee5dd77eaf7a9b8d84d9c049a98410a5

SHA256
ddf9e6d32e0c57eb111f1bbff445ff013e63dfcf23858194a34931ace9524969

SHA512
e8c1d91ed3862a822a70f9d80fdc596c416bf66e1b226c93d8cf5eac2bb1dc0ee24ffdd2afbdc7942825ee38d11de2379638bebe8d2ec5bf5d18bd1189becf86

Download Submit
/usr/bin/adhouuilzu

Filesize
611KB

MD5
8b2267dd19d622f778ec2700b708bce7

SHA1
52de39e9de2bb5424485ac198c07640bd2621f6f

SHA256
d5d1c8f5ea40d6d09af30fa93cdb24d4fa21d0f1ef509b0b0ec602246f8770e4

SHA512
7369eebbcea94f60489e5ed41cb825455973e12e8407f626d8a5cdb776750469c82e4b236691403efe424c82d87f5b2165049e991901845770a7ce35723e94f9

Download Submit
/usr/bin/agrnmlqdbx

Filesize
611KB

MD5
e735730dd0919a16966f9acc63a912d4

SHA1
8c9f84aae17c876de72cd5b847a08eb12487583f

SHA256
a5b2d0d6f2ff331b2b44a5d8e3f9575c3b15b5cc3ae8ea1defe8b24ecc101897

SHA512
a6a916e08acf282cff86936dfca223988189bb904e16e119314bfe456af1847b9a042e14e66ee6198c70e6a2b21ff365a772f03eec40f8162ed6f1e655916ab1

Download Submit
/usr/bin/dazgrdnnxm

Filesize
611KB

MD5
a24675b106de56102910e1e4c6f6c3bd

SHA1
4fb5cd9acb28f4575585bdfb4bbd4cceb3263879

SHA256
a8359c5fe6b4aecbb839287e2b3a7307bb251b08aa1dd1c5d714f97187af42b3

SHA512
6aa8526d47515d02276804665241c5ac7c0eef6d0d37c68aa9998b2a74f1836dfb75048b07339ae207784c1aaa7faa7d6050dd7f2f44bdb039333b65e6dbe56e

Download Submit
/usr/bin/dfjqtjqvqb

Filesize
611KB

MD5
a114e9d250e5696fa40365c7cdc1480d

SHA1
8bb917db3126c21574fd06bd3804f27bc5acbf55

SHA256
5316a83b280c0aa400b9f0a27576e27051b0c7342c4ff6cdbaa09bf70fe94e13

SHA512
20fed76770f6ac21bc7eb82699981b17f53f49661b0fdcb6e0deb147ad2e1b6f57513369088dbee77c9da6afdeea8c3f18e395e424a98452ecc0afe76ab62849

Download Submit
/usr/bin/dktkjrredj

Filesize
611KB

MD5
f625681bce085f30ffc638a0e48b2608

SHA1
4dad94c809e872e0039c3f367d9ad4a5a70b14b1

SHA256
31d5169f3e8f1c2863e7753240735dc16f3c711cfb0fd6d2f32448cb90e4f6bb

SHA512
8647cca25b2f16086d7b9d6788c04903120118877e6a1d8b2783bbcbe985ed359e4eee5e2fb5455966ea7c5a585094d9dca0ee87e241c06b8d83f53464fdc299

Download Submit
/usr/bin/ebkyhvbegk

Filesize
611KB

MD5
cbf754f65e73d8ead0c54f0573b189fc

SHA1
20a130b6e0e41dfccdac9d6278103eab7df2555a

SHA256
8b1ace0df038c3aba553ca2d83acffed5896ff2465acbbee6cb21998cb5eef23

SHA512
ad5e61063cdf542bd76858a7eaa00c605bf8950501249b213c62b6a41515659c348538b022075f83cd08235964742ebe4094ba6e57aadeb76a5ecaefb31906b2

Download Submit
/usr/bin/faziuchtwi

Filesize
611KB

MD5
dd382a693dc60a3f0e1a3d45e5ce250b

SHA1
6c98743a5a9caca48ebc9dd090ea24b19952631a

SHA256
0ec42c255165f1fa484016c2ade1c93d81e1659a7e554ef88968881465f5d6dd

SHA512
f333c99b3c5319a7cdff4842af305a6a2e82df98dc861ae0acd06a532bdf04855d89b2237537dcb92022c1dec09be671be180f7635045e57e096930ddbc24d91

Download Submit
/usr/bin/gsqlgslmqr

Filesize
611KB

MD5
2981a12a6a51f2ee7291d789852124bb

SHA1
bde78b9604be3a744fd9535a29245d307fe6801c

SHA256
c888f6d7344c3b9cac70cc207e317b1615257f36bedafc375bf05122deb28277

SHA512
51050f6760eba5fc7b84b65a0b1a21437a539551d8c24ede1100f624844ff7a16b5c9d5150911e063343d9e37c40d926f51b2f58245666ecc15e4dcae476312a

Download Submit
/usr/bin/heouczkqve

Filesize
611KB

MD5
9d8e192165852229b231eb1915e5d183

SHA1
4e09fa57369171935dd542572fc9a86dd1523a03

SHA256
e9ea59787fbd5a554245341aa6fb063861f08ad2ba61dd01a7bf53dcf210b6d9

SHA512
18d23737a1400c0f785da701dbc3c6157ceb6ac3b5a8f43d8f50fa20d2c90a2dbe9e8704821ff396b5caa7c3c61b81f74aa0ff554cff7367dad464bf7a55c0c2

Download Submit
/usr/bin/itxtlbjkex

Filesize
611KB

MD5
3fdfd70408202667235e374aef74f3f1

SHA1
bc2e27dbb5affabfa841ca8d0ec36d5fa62fa3e7

SHA256
9e84b23cc3cbafaa16d5e35c7c7fdc884c8c7cd9867b99fef6fba3b56c10a8bf

SHA512
974daed147493f21f2e1bc65b2dd1ca8a020c86db29565a090148deec2596caa7064ede6660a17383b7d54da49b7cc880670bea87b4f41600623495177646bb0

Download Submit
/usr/bin/iuvocjeaji

Filesize
611KB

MD5
d156483e112379a679133fa3a3abb0d4

SHA1
a957656738df6fde3ae546f49049c6b2a35a3392

SHA256
e7d3a43f4e29ff3b2b2f75fc65035b83bfc81483c9d8195c6f086026d9259594

SHA512
6349920c1fcd8be0cb3eca58935fcf72a1bf87310570b246e7b83b8ef25908d9d7706d07dbe008b863bf3a3af087da66c7c920e74af9f2f19751babd23b353f4

Download Submit
/usr/bin/jdoodvgjfb

Filesize
611KB

MD5
418dc4972545b0dbc095c423723e7f5a

SHA1
afc697ee0d900be6d655ecd227a966d461e97325

SHA256
d36b484ac4dc3d849fe2124e14f43320f1f880b39f8d89859fd62376137bae60

SHA512
19b61877ded8cdd1875fc3a76c5c3935ac5f097a91873cd894be07eb968de95fcc710d7ef628c2ebd7a3c5c10a66a23ae1a677e26a933a66345c00b54185f634

Download Submit
/usr/bin/jjujrzjdrq

Filesize
611KB

MD5
d6988acba77746b80b902db6f432a5cf

SHA1
e923eb2507a877a52e87322efc9c8492f1d32fc5

SHA256
423cf51f8d086b5ae1b2a2909fbc4f6ce2bb1cc731c6665df6f52365160f798c

SHA512
27fd7be872f988b6d7076d30f560e24b2ec51aa80a4f01bd3730e58e2300975b6be6d197efc22a7334ef3d26b62ab9725fd5ca9ca3af71109ebd267c0309fb35

Download Submit
/usr/bin/kodmuxaouo

Filesize
611KB

MD5
7036d175f30762a9a2918fc36d65fc25

SHA1
d8a4fb4236c2dce94b9ffad57cf017974180952f

SHA256
508fa57987e966f2a745b5ffe4e09c06f9d44e9d729e38753aaf2e5d079f54a7

SHA512
4562fa9c49f9fa9ef0b12221463d0bc5943067dfda5548ed82a988fac41ee27c66417d544c3fa57c59ef740cc64c9a121ba40219acf2e944a6ca5b204d9b36f5

Download Submit
/usr/bin/maeygahpcj

Filesize
611KB

MD5
5ebbfabbf8e1f96f65169e6edf9ad90f

SHA1
f3dcc60592f8bfbc265909db1a23c7b9e4881955

SHA256
ee83d02a8b1004cd750c3b17a4c9372266100da24554bf17e449aa7fa0d30e4f

SHA512
f4cab20669056249cf8d0f677f68ddafd31d73bec7ad0944dbdf644e24f5ba3a207ebd44f4a9ca7b861b354bcd169c50e26c2a1a73e1dbfa1c9e8fe0b1bb9293

Download Submit
/usr/bin/mipvtducco

Filesize
611KB

MD5
546804387b31ee155b43b70383decd60

SHA1
41698eb14937c53ca22661b0484d6e76c2c80edf

SHA256
6fc9dad3d6e218e7dc7f16ba8bc52d8bb6e380fc6f1384d744eb7621b7c8bd9f

SHA512
6011cdf380ad3a7f78c9c821bfa1038040b563a822ab04858f9cb698a4548f7c6074b5c257bfe6eccc4343f1409cfe65ea6c585aa3913607c5e81856d0d0bf6f

Download Submit
/usr/bin/qpzjvsnlqv

Filesize
611KB

MD5
9309e81e38308a49d0e5a25595189e6f

SHA1
e7ca3b61533f4b565021071601cf5a894c00d104

SHA256
167795fa906435a254271015a065c8d36fe9395887662a835c0bee1dad1d5892

SHA512
f42300cd9b071c00346754e2e1919a87903706dc809dc06c71961ad0c8da6a27eec3e2c49cc819713beae3aa162436b7b502c76d4aabbdac116f120c71f7187c

Download Submit
/usr/bin/soiheclcwt

Filesize
611KB

MD5
9e14892f107373f0248a2577dab1134a

SHA1
0f50ba8bcd2f93cd439378a1e2ee535248f60a5e

SHA256
7b87b893648fca2d807cce838c9ea5958811e1e1dd7ff31de493e2c712df08af

SHA512
476741830996e7d0637cab54a7ef025c2c80038f6fba87c180bd34e55bdbaa04abd17d96d44aa4cac42aa0678518b0422325c5007cbedebf07d07248bb59fc5c

Download Submit
/usr/bin/stlogeuexz

Filesize
611KB

MD5
4b13c52a3d772c631758f688c2923946

SHA1
65684002e61b9ac663ad799bdcc8fe83a256b873

SHA256
fa7b3a50cfbf6216ecb958ad03de5603e3310a3b3aee595202c8e4a971cda152

SHA512
b329f3dfba39b70edc1431bb4298a32ffde831826ea751b52ac72f29221bb5e653a686542b5494b88c6ece93bdfddd99797e37f7aa59ed8330a33be94c0d5372

Download Submit
/usr/bin/trjuzqzjyg

Filesize
611KB

MD5
8bd2fd222377c7752227c0dfbe523d8f

SHA1
fed45c2e916e0e38402e07f42c3843ba4f7e93f3

SHA256
67651bec88661de8aaabaf4781465e033fe101b666f6f43bc0a38050390f45dc

SHA512
efc42f07cd5fd03f34616fe57fe6932f0733cd12acb2d10e3b7b8a3196113d62c8da34feedf47017305082e34c3559ceac38e14415abd8ddd140968462b94a8b

Download Submit
/usr/bin/tuumchzuwd

Filesize
611KB

MD5
f55bd7c109341ee528c7c6ac308c4e23

SHA1
37a2ade95fb8e67925fd90bdc0a2bee4c1e785fd

SHA256
923c72d7d13bc43cb0bf4aad63104d28b138841fddcdcfcc277b6a9e0926ec79

SHA512
f7d28704ddb279df523812157dcd8092e16ada3a20963b36ad12b4721e60c21e5b74036b688146ed887372fb33a4b5740f07d9e6ddaab6fb872e4e4ea0229eaf

Download Submit
/usr/bin/ugeoatvuum

Filesize
611KB

MD5
6c2a2ad5cab188b49560230d705bae3e

SHA1
258f10b21903d83a204669c68e01a047d056294d

SHA256
6ad0561bb5d13f856b565ebe227b18ef73d53457650b21f1ae47f77ce8a51602

SHA512
2e73b34b1b7a48549c2a482f4e8552a5f1ed7cd9bb35c891103166b86dc8d9f13140d2b5e4e2b570060b086d1c0fb3fdf23e99118dc0a97756cac399719dc27e

Download Submit
/usr/bin/urgquayvpk

Filesize
611KB

MD5
f3ca619d729865905fbc1a5214c89eab

SHA1
0b634a9477e1b9eb3784d49ed910e4809ffba690

SHA256
a3811459ebfadb26e5541523fdaabd001cb40f02ad66263d7713ce1727756b4d

SHA512
eec3863aafa235eadf4b897fbe74ecf79b54940f6c9c3a9ba65d9801ceff0f7bdd9a74cd543585f7aadb0c3d5879aebf00b144fbb6938da23aa65580c740a850

Download Submit
/usr/bin/vopdayavny

Filesize
611KB

MD5
7b7d63f8367821b8d39c7495d5c3e2a8

SHA1
9bc3128f56476461fdca474cc650682cbb08904c

SHA256
810918adea50bf2300a92de673597c2aa58f9d57bc623957bbca461b635f550b

SHA512
5d62f7276eed930706528086cd998501168303bc93c9cb895a9363f8db709ded133aab852089038d9dbf3141c060f5bc52059b1d82aa16a014ff948427a2bad0

Download Submit
/usr/bin/wdfvozvmsq

Filesize
611KB

MD5
176e762ac5b6301ab3a29206cad8deac

SHA1
6f9d8cb16a439cd28cb0e0443e52d41c4e75c6be

SHA256
5d6c0d648706539110b5b366cbbca071f9c30ac0314d93e1f2c209a91389a5ed

SHA512
3b97daa384a9c69ee8028ef0551b1c1003dee05657ea6a3db415db4997e9ef1db6b7d438a3805a94cc829597a32046df9266baea29cc6561909dc7fbb2490e2c

Download Submit
/usr/bin/xupennledl

Filesize
611KB

MD5
7a4f56f8c84262417415534b311fee52

SHA1
47f2a3f4655b42c3e831878c7509117fe2bc9473

SHA256
33b2b2005d0c0c880814952011ef3a6dc6db7d09c588b76243ee94bc3cd8eff6

SHA512
7cd2a205653cd6701c81cd12124aa5f4015649373457448a336e609df0dabff3633d3c24c27c3436904afb2452968891104a6ed4910255659490c3d515907980

Download Submit
/usr/bin/yblgorxgju

Filesize
611KB

MD5
c20623bf6b3b455c8df02dd9b84ac6ce

SHA1
5d75ace6e2fb46b73f8a30715d554dbf60a1de5a

SHA256
5dc1a0c5a93a8be8a1dd52f74f72d5c314e5db0507f9164098085f52ee1994bf

SHA512
d94c84c52a3ea024e310a00ada2eefef6153c681a60c8194878d6e5215d59dd9b87f82627c35eda575cfa87da6e9e362f90069560c4f39567304671b6e6fdb17

Download Submit
/usr/bin/yiuqefvmrp

Filesize
611KB

MD5
62a0782bdbc420ef1c133a1c02cc4d78

SHA1
d3c494a732c9f31499da3094f38f6f60ce95e600

SHA256
ea2e1479ed819fbeef6db99495ec1f3b052ec6db7dcd50b463d099d9cb338215

SHA512
8dc0681ff162e226a207decec71fdfe6d5de461600155224188e9a4aeb8d80e89fe9ad20ca6b2c7b94479cc42ff429b98b44c0d404f7ec644a4f880046a96ef0

Download Submit
/usr/bin/zbaykphgqo

Filesize
611KB

MD5
cc8df0ada68812b77ea8d2e582101dfd

SHA1
23dec67e3601eedc0e08ca85e39b27d02c30abba

SHA256
2e44f6a45858a626c1c84d3e8f9d4c365a5ee833703b3a5e78acfa55eed76830

SHA512
8f71d3c4a6954ae141216fd2d22914e548740c4e54dfaaef0568eb6f61733a27277957c0b346577d049bc479d2699b62596f125050c981479f4b60c688c101c3

Download Submit
/usr/bin/zhwkijzbss

Filesize
611KB

MD5
857472621a859665cff32feba54a7e25

SHA1
3b3f805a8bdbe3fc4e5a042e5c0058f75fc97bea

SHA256
e3045d969ee2819c256eb44c2613ae5f751175a094b5a92692d2899bf2f512c7

SHA512
5d373002d9a77f84f2b61e146840d722c951e7bb520d65ecc017d3627aa1ab18d75854a8cfcf8b3800fc386288549d433e2cf6992d33c41b37daf4248c20816f

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
d1b5b4b4b5a118e384c7ff487e14ac3f

SHA1
038b7e9406fe5cb0a0be8f95ac935923c6d83c28

SHA256
0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b

SHA512
20885f782beeca1712924d6dec7fa474fb2fa7f926d7cbdbdd5f7fa18f6a3ac2bcd5dbd771a80c13c3403cbad05f2cda86ffefdc8170d6cc0f0b4b01a5baec74

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads