xorbot | e442d2493ef24372a63ca01790525986f2c74fe48f056a8bbcc93247556304e5 | Triage

Submit
Reports

Overview

overview

Static

static

1

bins.sh

ubuntu-18.04-amd64

bins.sh

debian-9-armhf

bins.sh

debian-9-mips

bins.sh

debian-9-mipsel

Sharing

General

Target

bins.sh
Size

10KB
Sample

241204-eydptsxjfq
MD5

48e22140eccdbc0e1791d3cfbd21b9a1
SHA1

d857ca79cfcd50ab3af92a32ced5fba96e8fb286
SHA256

e442d2493ef24372a63ca01790525986f2c74fe48f056a8bbcc93247556304e5
SHA512

189e5ff3380834746664f5e1cf60f37d67c1b7f3e2e846ff497e5688f77c6073ccc2f448270f7f7c4d25cc54b929c9f07395e2e77351f222cfb5c7711e98719c
SSDEEP

192:L29ANYNCkCsC0CvCzCOb4L/2ePeu33D69AlCkCsC0CvCzC0L/2ePeun:LBYNCkCsC0CvCzCOb4L/2ePeu33DdCkX

Score

10^/10

xorbot antivm botnet defense_evasion discovery execution linux persistence privilege_escalatio trojan

Static task

static1

Behavioral task

behavioral1

Sample

bins.sh

Resource

ubuntu1804-amd64-20240611-en

xorbot botnet defense_evasion discovery execution persistence privilege_escalatio trojan

ubuntu-18.04-amd64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

bins.sh

Resource

debian9-armhf-20240611-en

xorbot antivm botnet defense_evasion discovery execution persistence privilege_escalatio trojan

debian-9-armhf

11 signatures

150 seconds

Behavioral task

behavioral3

Sample

bins.sh

Resource

debian9-mipsbe-20240611-en

xorbot botnet defense_evasion discovery execution persistence privilege_escalatio trojan

debian-9-mips

10 signatures

150 seconds

Behavioral task

behavioral4

Sample

bins.sh

Resource

debian9-mipsel-20240226-en

xorbot botnet defense_evasion discovery execution persistence privilege_escalatio trojan

debian-9-mipsel

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  48e22140eccdbc0e1791d3cfbd21b9a1
- SHA1
  
  d857ca79cfcd50ab3af92a32ced5fba96e8fb286
- SHA256
  
  e442d2493ef24372a63ca01790525986f2c74fe48f056a8bbcc93247556304e5
- SHA512
  
  189e5ff3380834746664f5e1cf60f37d67c1b7f3e2e846ff497e5688f77c6073ccc2f448270f7f7c4d25cc54b929c9f07395e2e77351f222cfb5c7711e98719c
- SSDEEP
  
  192:L29ANYNCkCsC0CvCzCOb4L/2ePeu33D69AlCkCsC0CvCzC0L/2ePeun:LBYNCkCsC0CvCzCOb4L/2ePeu33DdCkX
Score

10^/10

xorbot botnet defense_evasion discovery execution persistence privilege_escalatio trojan antivm
- Detects Xorbot
  botnet trojan
- Xorbot
  Xorbot is a linux botnet and trojan targeting IoT devices.
  botnet trojan xorbot
- Xorbot family
  xorbot
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xorbotbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatiotrojan

behavioral2

xorbotantivmbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatiotrojan

behavioral3

xorbotbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatiotrojan

behavioral4

xorbotbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatiotrojan

© 2018-2024

Terms | Privacy