2bd42c2df09c3894d7e54348ed3733b53ef5842ce81ee77d421a33fb13a42a5c | Triage

Resubmissions

30/03/2025, 17:52

250330-wf48hawks4 3

30/03/2025, 17:51

250330-wfnwhswks3 9

Sharing

General

Target

RDDoS_Tool-1.2.zip
Size

442KB
Sample

250330-wfnwhswks3
MD5

38270dbeefa5aed4baa93d5b94777423
SHA1

3abae3870ecd122441bc9f622bbd8ee8e5569457
SHA256

2bd42c2df09c3894d7e54348ed3733b53ef5842ce81ee77d421a33fb13a42a5c
SHA512

61e4788cfe0ed5122ca43a3100888b3ce99b2a3194a245e4af9ac5a055aa683ca02e6d0f00278b986e8a4d6a7e88619d45967e128448320e544c1230ee69146c
SSDEEP

12288:d8o1sYY3W1Na3jL1NudBP0Di3awe1fqbQPAOT7m:DsYYm1czL1i6iqF5qc4m7m

Score

9^/10

credential_access defense_evasion discovery execution linux persistence ransomware

Malware Config

Targets

- Target
  
  RDDoS_Tool-1.2/RDDoS_Tool.py
- Size
  
  5KB
- MD5
  
  19d57d20cbbb7ac44561da4734195944
- SHA1
  
  c818c0eac42c267baa1b0bbbb7532585834b1b52
- SHA256
  
  7d9d0acb8f30998bf9ddf30d69105db7752b5c01e42aa2ea189a1e1a082610be
- SHA512
  
  5cbaecd848d437a75f02cccda91ebec375040762091db175aa3371b5afb2897d164583de7692ab899662e222e05332fcd977a863e7a24827260aae64f41f3ca9
- SSDEEP
  
  96:eRoSk89dQGRt5yrB35j4BK0lfwS8Xsd0y08b:HHu3tQN3dKRlfwS8XsdP0q
Score

3^/10

discovery
behavioral1 behavioral2
- Target
  
  RDDoS_Tool-1.2/setup.sh
- Size
  
  515B
- MD5
  
  58f91511747259052d58b02c7ace24b6
- SHA1
  
  7b8c42ecce49ffff5b7c8e5a208c16d31f9759b4
- SHA256
  
  f73d05b428a695cf2aeb5a40439d912c268c7e0e9d37080e087aaf8bd2790339
- SHA512
  
  31e5f83f3bf9f8a360111a4080c6dc1a3f827f7231eec6133d546e90a240789cada3236caaf8005576837c06850c65c9a2cd2e2e44c0748684388a6f91bdba54
Score

9^/10

credential_access defense_evasion discovery execution persistence ransomware
- Renames multiple (75) files with added filename extension
  This suggests ransomware activity of encrypting all the files on the system.
  ransomware
- Executes dropped EXE
- OS Credential Dumping
  Adversaries may attempt to dump credentials to use it in password cracking.
  credential_access
- Deletes log files
  Deletes log files on the system.
  defense_evasion
- Write file to user bin folder
  persistence
behavioral3 behavioral4 behavioral5 behavioral6

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Unix Shell

Software Deployment Tools

Persistence

Privilege Escalation

Defense Evasion

Indicator Removal

Clear Linux or Mac System Logs

Credential Access

OS Credential Dumping

/etc/passwd and /etc/shadow

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Lateral Movement

Software Deployment Tools

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

credential_accessdefense_evasiondiscoveryexecutionpersistenceransomware

behavioral4

credential_accessdefense_evasiondiscoveryexecutionpersistence

behavioral5

credential_accessdefense_evasiondiscoveryexecutionpersistence

behavioral6

credential_accessdefense_evasiondiscoveryexecutionpersistence