xorbot | 54302d130cd356fb19ea5a763c5ab6b0892fc234118f10ba3196ec4245c83b4d | Triage

Resubmissions

25/03/2025, 12:46

250325-pzqe5azlz3 10

07/02/2025, 09:35

250207-lktx8ayjcj 10

Sharing

General

Target

aueHn9GX7g0zUb6i8PkWnrliO01zWkgW2M
Size

98KB
Sample

250207-lktx8ayjcj
MD5

5141342d0df8699fa32a6b066a0c592e
SHA1

8157673225bd5182f16215e2aa823a25ca2d4fbc
SHA256

54302d130cd356fb19ea5a763c5ab6b0892fc234118f10ba3196ec4245c83b4d
SHA512

d6b24571e7691227abafc70133a1da007c97c2730c820de77a750d2c140a8a75554cc614b4729debc4ec5480124252737c5846a458a5146005285c6d3f9e3801
SSDEEP

3072:lxvAwSaWFr5Ryrfb3jb9RxqgRfEma1b5wdL35sPX:32FrIT3/9jqgmma1b5wdj5sPX

Score

10^/10

xorbot android botnet discovery execution linux persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  aueHn9GX7g0zUb6i8PkWnrliO01zWkgW2M
- Size
  
  98KB
- MD5
  
  5141342d0df8699fa32a6b066a0c592e
- SHA1
  
  8157673225bd5182f16215e2aa823a25ca2d4fbc
- SHA256
  
  54302d130cd356fb19ea5a763c5ab6b0892fc234118f10ba3196ec4245c83b4d
- SHA512
  
  d6b24571e7691227abafc70133a1da007c97c2730c820de77a750d2c140a8a75554cc614b4729debc4ec5480124252737c5846a458a5146005285c6d3f9e3801
- SSDEEP
  
  3072:lxvAwSaWFr5Ryrfb3jb9RxqgRfEma1b5wdL35sPX:32FrIT3/9jqgmma1b5wdj5sPX
Score

8^/10

discovery execution persistence privilege_escalation
- Contacts a large (1716) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

botnettrojanxorbot

behavioral1

behavioral2

behavioral3

discoveryexecutionpersistenceprivilege_escalation