Resubmissions

25/03/2025, 12:34

250325-prxt8szk15 10

07/02/2025, 09:45

250207-lq4plsykdj 10

General

  • Target

    qfghsZZ3aRxtIEpoQRYEfzn3P5p9kL0iEw

  • Size

    99KB

  • Sample

    250207-lq4plsykdj

  • MD5

    9438d9bc392bcf300a5583b6df5bc8f6

  • SHA1

    375a6ae34b516f6f3eeea8030c4084f585017efa

  • SHA256

    68e6282ed9046c9e22dbdf051dc03956803a46805f599e8cb9b52b993caa8f1e

  • SHA512

    1f3e4219359a28c0f6373c0369da2b5dc0e89789afb89664627d8d9e37d4b72da36322b4015491d7daa03e46dff07d39f00dca18f274e9623dab0ff2d869c860

  • SSDEEP

    3072:kFPlxndf22h/xwXnTkai7MYRApCg9dgdmk1b5wdL35sPX:kZlxndf8nTqtS/9dgdmk1b5wdj5sPX

Malware Config

Targets

    • Contacts a large number (1798) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v15

Tasks