General
Target: p.txt
Size: 542KB
Sample: 250124-ml7fdatqcy
MD5: f8d19572ff48420a101c685b87d0c099
SHA1: 4485c6260a530dbe5680ce8166e63142a93bb9b6
SHA256: 2f70458e2b77fba49697e3fbba8bea53e27e7ca010fd92ca3919b819d3aee160
SHA512: 4860b6e9dcc8789e22c02140e96992ba18f24ad5e1bb3cedda8960da52f786cbdbcf9f27035ac1925ae0eaad39706c42fe21b0acc20326852c5d9289c247dfa8
SSDEEP: 12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXGLLp6yWrk3:VB2WCH/eMU9Uc8gd49N94BJXGLL4ru
Behavioral task
behavioral1
Sample: p.txt
Resource: ubuntu2204-amd64-20240611-en
Malware Config
Extracted
xorddos
http://ww.wowapplecar.com/config.rar
hh.vvbb321.com:1525
hh.jjkk567.com:1525
hh.nnmm234.com:1525
hh.aass654.com:1525
hh.xxcc789.com:1525
crc_polynomial: EDB88320
Targets
Target: p.txt
XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Xorddos family
Executes dropped EXE
Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Scheduled Task/Job (1)
Cron (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Scheduled Task/Job (1)
Cron (1)