xorbot | 78416feab0c93152d65acc8f48835520db083cc3aed0aea622b9fb88284dc00d | Triage

Resubmissions

25/03/2025, 12:45

250325-pzadxazly9 10

07/02/2025, 09:37

250207-llhlkswqet 10

Sharing

General

Target

bxIZB99vjDrlqCBONN1rjAe4EHpQF9p3aA
Size

127KB
Sample

250207-llhlkswqet
MD5

89077b7bd4bcafca7713be43635c4862
SHA1

fc02edb8fba29ea8ee99e6157ef8560334530052
SHA256

78416feab0c93152d65acc8f48835520db083cc3aed0aea622b9fb88284dc00d
SHA512

1b457b8f8d452eecaad9013241e50672befb70feb5349f5fa72d62ea1fa8affa968763e6511cc76cdc5bf12f080e4a8f10c8e141ccd0d36794e721d690f2c4b1
SSDEEP

3072:fgO463guSRVw5OhgfgnoHOIcv6Gosjr7fxmxKjQVnaMk9H8p:4ZmgoHONvposj3fxmxKjQVnal9H8p

Score

10^/10

xorbot android botnet discovery execution persistence privilege_escalation trojan

Malware Config

Targets

- Target
  
  bxIZB99vjDrlqCBONN1rjAe4EHpQF9p3aA
- Size
  
  127KB
- MD5
  
  89077b7bd4bcafca7713be43635c4862
- SHA1
  
  fc02edb8fba29ea8ee99e6157ef8560334530052
- SHA256
  
  78416feab0c93152d65acc8f48835520db083cc3aed0aea622b9fb88284dc00d
- SHA512
  
  1b457b8f8d452eecaad9013241e50672befb70feb5349f5fa72d62ea1fa8affa968763e6511cc76cdc5bf12f080e4a8f10c8e141ccd0d36794e721d690f2c4b1
- SSDEEP
  
  3072:fgO463guSRVw5OhgfgnoHOIcv6Gosjr7fxmxKjQVnaMk9H8p:4ZmgoHONvposj3fxmxKjQVnal9H8p
Score

8^/10

discovery execution persistence privilege_escalation
- Contacts a large (1740) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

botnettrojanxorbot

behavioral1

behavioral2

behavioral3

discoveryexecutionpersistenceprivilege_escalation