xorbot

General

Target

bins.sh
Size

10KB
Sample

250221-a5tbms1ks2
MD5

f1646987343a60668d4b5b6a8261daf3
SHA1

0d0e5d57b7a65644205c4d2deccb1b5c0b449cad
SHA256

758212705619f4095ee19c6615fc0e047c935d53dbc8ded1063454a0f9145a67
SHA512

5b2e4a195d7e3802dc787d76eeab47957d4e4d1a5b0aebac806218e55f3ef1bc63dbf197159f5d76d523d3deb0d655fc702eaf474ff85f9d505cb319005766e6
SSDEEP

192:O7Mo7OOdCSxdqDDL/q3jvglcw2g8UOUOUpUAUsLvfalJ6e0vfalJKyUOUOUpUAUO:O7Mo7OOdCSxdqDDL/qhg9vfalJ6e0vfX

Score

10^/10

Malware Config

Targets

- Target
  
  bins.sh
- Size
  
  10KB
- MD5
  
  f1646987343a60668d4b5b6a8261daf3
- SHA1
  
  0d0e5d57b7a65644205c4d2deccb1b5c0b449cad
- SHA256
  
  758212705619f4095ee19c6615fc0e047c935d53dbc8ded1063454a0f9145a67
- SHA512
  
  5b2e4a195d7e3802dc787d76eeab47957d4e4d1a5b0aebac806218e55f3ef1bc63dbf197159f5d76d523d3deb0d655fc702eaf474ff85f9d505cb319005766e6
- SSDEEP
  
  192:O7Mo7OOdCSxdqDDL/q3jvglcw2g8UOUOUpUAUsLvfalJ6e0vfalJKyUOUOUpUAUO:O7Mo7OOdCSxdqDDL/qhg9vfalJ6e0vfX
Score

10^/10

xorbot botnet defense_evasion discovery execution persistence privilege_escalation trojan antivm
- Detects Xorbot
  botnet trojan
- Xorbot
  Xorbot is a linux botnet and trojan targeting IoT devices.
  botnet trojan xorbot
- Xorbot family
  xorbot
- Contacts a large (1469) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
  discovery
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Renames itself
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
  discovery
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
- Enumerates running processes
  Discovers information about currently running processes on the system
behavioral1 behavioral2 behavioral3 behavioral4