xorbot | c2fc62fb9126b2d43daafd651743cd04245fa26baa2d7455b8f74dba047f3d95 | Triage

Submit
Reports

Overview

overview

Static

static

1

bins.sh

ubuntu-18.04-amd64

3

bins.sh

debian-9-armhf

4

bins.sh

debian-9-mips

bins.sh

debian-9-mipsel

Sharing

General

Target

bins.sh
Size

10KB
Sample

250105-c3jers1kej
MD5

fee28388ed6528f99762ba2f3ba8ca79
SHA1

96fadbec3f481fbe68bec359b52496a80a60800d
SHA256

c2fc62fb9126b2d43daafd651743cd04245fa26baa2d7455b8f74dba047f3d95
SHA512

0011dae2524872b6efdfc729d21ce54934a23b683e86729badd43a92ff635da681f8ba4875deb3a8e3ac92232d5d2e325cffb9336a7162d4aa14e4fe606f4cca
SSDEEP

192:parEXzLc3gLVWSXW4Brzcu6JLLc3gLVWS34rzcu6JcKO:qEX9W42e

Score

10^/10

xorbot antivm botnet defense_evasion discovery execution linux persistence privilege_escalatio trojan

Static task

static1

Behavioral task

behavioral1

Sample

bins.sh

Resource

ubuntu1804-amd64-20240611-en

ubuntu-18.04-amd64

1 signatures

150 seconds

Behavioral task

behavioral2

Sample

bins.sh

Resource

debian9-armhf-20240611-en

antivm discovery

debian-9-armhf

3 signatures

150 seconds

Behavioral task

behavioral3

Sample

bins.sh

Resource

debian9-mipsbe-20240729-en

xorbot botnet defense_evasion discovery execution persistence privilege_escalatio trojan

debian-9-mips

13 signatures

150 seconds

Behavioral task

behavioral4

Sample

bins.sh

Resource

debian9-mipsel-20240418-en

xorbot botnet defense_evasion discovery execution persistence privilege_escalatio trojan

debian-9-mipsel

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  fee28388ed6528f99762ba2f3ba8ca79
- SHA1
  
  96fadbec3f481fbe68bec359b52496a80a60800d
- SHA256
  
  c2fc62fb9126b2d43daafd651743cd04245fa26baa2d7455b8f74dba047f3d95
- SHA512
  
  0011dae2524872b6efdfc729d21ce54934a23b683e86729badd43a92ff635da681f8ba4875deb3a8e3ac92232d5d2e325cffb9336a7162d4aa14e4fe606f4cca
- SSDEEP
  
  192:parEXzLc3gLVWSXW4Brzcu6JLLc3gLVWS34rzcu6JcKO:qEX9W42e
Score

10^/10

discovery antivm xorbot botnet defense_evasion execution persistence privilege_escalatio trojan
- Detects Xorbot
  botnet trojan
- Xorbot
  Xorbot is a linux botnet and trojan targeting IoT devices.
  botnet trojan xorbot
- Xorbot family
  xorbot
- Contacts a large (748) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalatio
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

Network Service Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

antivmdiscovery

behavioral3

xorbotbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatiotrojan

behavioral4

xorbotbotnetdefense_evasiondiscoveryexecutionpersistenceprivilege_escalatiotrojan

© 2018-2025

Terms | Privacy