xorddos | f0925a77cf0d973c935b9f65051bd27bf75887949adc3a06350210a2523961d9

Analysis

max time kernel
149s
max time network
143s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20250307-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20250307-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
10/04/2025, 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

task2.bin.elf
Size

611KB
MD5

a2792875c6a476bcb0256aba2a50bf7b
SHA1

571b871cb0f284489c28d9fc72057d6beef77057
SHA256

f0925a77cf0d973c935b9f65051bd27bf75887949adc3a06350210a2523961d9
SHA512

29aa5d8f29a0e3e8fc10cf2b8d457ffddd7c518c6eed3b8270a3387f463a550a4e3a3b75c678ce3abba3190f4a8607953d0e77139fb65266d29a6ccd907f000b
SSDEEP

12288:5BXOviwV1/n/dQFhWlH/c1dHo4h9L+zNZrrIT6yF8EEP4UlUuTh1Au:5BXNkN/+Fhu/Qo4h9L+zNNIBVEBl/91l

Score

10^/10

xorddos botnet discovery downloader execution persistence privilege_escalation rootkit

Malware Config

Extracted

Family

xorddos

http://aaa.dsaj2a.org/config.rar

ww.dnstells.com:53

ww.gzcfr5axf6.com:53

ww.gzcfr5axf7.com:53

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 31 IoCs

resource	yara_rule
behavioral1/files/fstream-6.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos
behavioral1/files/fstream-22.dat	family_xorddos
behavioral1/files/fstream-23.dat	family_xorddos
behavioral1/files/fstream-24.dat	family_xorddos
behavioral1/files/fstream-25.dat	family_xorddos
behavioral1/files/fstream-26.dat	family_xorddos
behavioral1/files/fstream-27.dat	family_xorddos
behavioral1/files/fstream-28.dat	family_xorddos
behavioral1/files/fstream-29.dat	family_xorddos
behavioral1/files/fstream-30.dat	family_xorddos
behavioral1/files/fstream-31.dat	family_xorddos
behavioral1/files/fstream-32.dat	family_xorddos
behavioral1/files/fstream-33.dat	family_xorddos
behavioral1/files/fstream-34.dat	family_xorddos
behavioral1/files/fstream-35.dat	family_xorddos
behavioral1/files/fstream-36.dat	family_xorddos

Xorddos family
xorddos

Writes memory of remote process 2 IoCs

pid	Process
2520	task2.bin.elf
2529	task2.bin.elf

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2520	task2.bin.elf
2521	task2.bin.elf
2527	task2.bin.elf
2521	task2.bin.elf
2530	task2.bin.elf
2529	task2.bin.elf
2521	task2.bin.elf
2533	task2.bin.elf
2535	task2.bin.elf
2537	task2.bin.elf
2546	task2.bin.elf
2555	task2.bin.elf
2540	task2.bin.elf
2542	task2.bin.elf
2590	task2.bin.elf
2615	task2.bin.elf
2624	task2.bin.elf
2530	task2.bin.elf
2529	task2.bin.elf
2529	task2.bin.elf
2521	task2.bin.elf
2521	task2.bin.elf
2546	task2.bin.elf
2546	task2.bin.elf
2555	task2.bin.elf
2555	task2.bin.elf
2590	task2.bin.elf
2590	task2.bin.elf
2615	task2.bin.elf
2615	task2.bin.elf
2624	task2.bin.elf
2624	task2.bin.elf
2530	task2.bin.elf
2529	task2.bin.elf
2529	task2.bin.elf
2546	task2.bin.elf
2546	task2.bin.elf
2555	task2.bin.elf
2555	task2.bin.elf
2590	task2.bin.elf
2590	task2.bin.elf
2615	task2.bin.elf
2615	task2.bin.elf
2624	task2.bin.elf
2624	task2.bin.elf
2529	task2.bin.elf
2529	task2.bin.elf
2546	task2.bin.elf
2546	task2.bin.elf
2555	task2.bin.elf
2555	task2.bin.elf
2590	task2.bin.elf
2590	task2.bin.elf
2615	task2.bin.elf
2615	task2.bin.elf
2624	task2.bin.elf
2624	task2.bin.elf
2529	task2.bin.elf
2529	task2.bin.elf
2546	task2.bin.elf
2546	task2.bin.elf
2555	task2.bin.elf
2555	task2.bin.elf
2590	task2.bin.elf

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	103.254.75.120

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

execution persistence privilege_escalation

Cron

T1053.003

description	ioc	Process
File opened for modification	/etc/crontab	task2.bin.elf

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	systemctl

/tmp/task2.bin.elf
/tmp/task2.bin.elf
1⤵
- Writes memory of remote process
- Loads a kernel module
- Creates/modifies Cron job
PID:2520
- /bin/sed
  sed -i "/\\/etc\\/cron.hourly\\/gcc.sh/d" /etc/crontab
  2⤵
  - Reads runtime system information
  PID:2528
- /bin/systemctl
  systemctl daemon-reload
  2⤵
  - Reads runtime system information
  PID:2538

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

T1053.003

Persistence

Scheduled Task/Job

T1053

Cron

T1053.003

Privilege Escalation

Scheduled Task/Job

T1053

Cron

T1053.003

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/crontab

Filesize
1KB

MD5
f85f0a4cb1d0da23b7e8e4a80a5a9f59

SHA1
f7b9ebeb87ee01c0caa97df076e6420f5e5c66a9

SHA256
696de2ac7d880173f049febcf30288e8f77b4ff54baf7ea70ef1261a3bbe5d97

SHA512
a770f7e2a0ce96ef084c9baf845148950ec23bd7a1e99d23438ff7872cfc039db690b10884e979de8aef200abde73ac5f69c9ce0cd7800ccda0b0ef0640eb27d

Download Submit
/etc/init.d/task2.bin.elf

Filesize
330B

MD5
b052fcfb6e57694058246853df989042

SHA1
e41ad5325bb0a439652c3d3a476a20306b8176ab

SHA256
1515905ade76fd61c449e2dcc34662474d36ea9223743b0d7bf6437a873b91fb

SHA512
9a777aa5f0d4954508cd2cc8dd993d9a1dd54302436fe426e1fd229da12092799bd3b1ac014217f8bb2bacc43f56e3fb7e8f918ad467b6a4e13a501b4ceb53a8

Download Submit
/etc/sedbZKs8y

Filesize
1KB

MD5
85f7ff2020ac8c72212f076ddf33c0be

SHA1
df06ddd9c29e8da5cff1aa356e9529336573422f

SHA256
ffb48ad57868ed639fad049d11ef4b9bcdd3d2d3e556754ce69b4d6b016969a3

SHA512
d7e2d6116adbe768dd078b490575f7757c0e98859a96d280756446bd7e6bf46e24381b0cf86bf5ae3eb4e15bb3743a34cf910f30dd27888de4c5d12bc0a7ea00

Download Submit
/run/gcc.pid

Filesize
32B

MD5
7b205ebff11e52b4352fd6a904d2aadf

SHA1
ef40d22eb528985d6f0a2e36de50b02962c3bb2c

SHA256
7bdf345cf087b3b94a66a0c3370bcdbbe432ad8064462717076926e6f05710df

SHA512
32782c7dc5b156d11307081178fab084d683bc68869a75242612e3110504e8adfc191b141146a982141ac201ee000a55ea315e834e76e16d8e3eed74cf10c734

Download Submit
/usr/bin/adiliyiyjq

Filesize
611KB

MD5
2aeab9bd3c2d4f1a57442b55ed463f8d

SHA1
cfa7dfdbb0111a3e9a15ab3f84f8fc90672562bf

SHA256
dd891fe1a90dd61378dec0fea9e2f344a0c751e864fb29f21b180ffb199b3aab

SHA512
13c268ad9d3646c88d0bfc7c2d0a24350c458e77ded827533b8c6e1bda486f2bff9685ced3b6bb420ea965807a37ef354401c121ecee42719a729990ea7adc7b

Download Submit
/usr/bin/bvwkgmaxtm

Filesize
611KB

MD5
d6de0fe4f27e1c8b96e1e31907769560

SHA1
e55521569e1407dba92738e2dc186c9bb767ca89

SHA256
a296eb36729b74211698ca8c0e8ccc91a4a5b7b661cad47c6f19feead8bf667a

SHA512
c5260060d9052b01f0679fdda835e66ed3494752736597fc3185a609fa5679e229302feba9c05864d6911f2c1dbbaba738acaf5d0bd96d1cc32f1eadb430864f

Download Submit
/usr/bin/digeegueab

Filesize
611KB

MD5
e22fa8b065f4b44a72f78538c67bd367

SHA1
ae9042c6fb1b7e7dc3cc3d309eed3d8f0da397b2

SHA256
142161647ba87cbc1824a4129fdb605d5629cca4dd030e13991f1d4211da030a

SHA512
069e4f20ac1cbde1999325491a7eface785be0681b3f6ad855d1b0f43dafbc226ae256c30e02fa62d8ad5942a31d536be94504ff59379652176de57bd6ee37b1

Download Submit
/usr/bin/dmygychtzy

Filesize
611KB

MD5
a5ce10e485b8993e91cabf47ae7bf739

SHA1
050a5a55c7dd3ad20792696c25af4529aaca6396

SHA256
ddffea76d63ccee9ed967055bfee3a8d63b40437d0c5b526b6cdf474c55a2d8c

SHA512
497d98cebf504413c53be3791b031c1d9c60c275b63cb1c31457148abd3805561cecc819a541147241a6132204075edf8a050672eee1a01e91e23701cfa03f2d

Download Submit
/usr/bin/drqcmknpix

Filesize
611KB

MD5
e6b883de5a9554d514eff07902ff66c0

SHA1
dfdaa22aa913c998035c3d58952c00f54f46fd90

SHA256
5e4699b9d9d8b444d75191a7e071b85fd25edb35ebf7dd09d1f96ee060577174

SHA512
2afb64cc275db60e094c7746c6d56555f52d44aa7fac41c8353da6e0542365f2c04df013387216bea5ec93fc1a7d34f929f6a5a2d376d01fe782be2657f0de95

Download Submit
/usr/bin/eazjsgdgob

Filesize
611KB

MD5
597d7aa5bd338482b9d0b1149a3fda59

SHA1
306291ba4bb7cc735cc0b6f419352285cbc37d2a

SHA256
5f57df5f6f53208644244e28e268cb2b5f6434c360da9f7e5602854a90e1fba2

SHA512
f89155c008db88122f2fe18394540977fd00c1f1aaa77fd93e7a919ab69a762b7ee19b13264832340a5fd4edf524d084a9295d404a8215073cb4a3904eecd093

Download Submit
/usr/bin/egrmpjuifr

Filesize
611KB

MD5
99e02b6d18e3ea9017b2ca37bc580afb

SHA1
349fffb3060844d433b0c2386b4372957a1a8c26

SHA256
fd22ca9eead62d6e9c7c2acfc3512c4fab0d4ac4aa86c2269eeb08ceac84ab8a

SHA512
61431a989ad061a2c36e10547bcb54317dcfd119585329280d9ab5a8dfb2ecb0fb7445b8655d069a96548c6d3fb1e72268414ef708f6f97f5706b2f69d9686c8

Download Submit
/usr/bin/elfkyetspi

Filesize
611KB

MD5
dccd050519f2d945d57f8501dd97d428

SHA1
0bca790a9e4dad4f5b552bc7b99350cf2253e4b6

SHA256
d8b65f2912bdcaa82bdd682bdde9803f5fade2d18d7a512d7ce813d6a7023ada

SHA512
3b89e5107f7809186dfc5406bd3a5f1a23c38a3f6de4e4710d467501bf16f082eab0e489bd0334f8e61279b736e5629fbe439e3c06d39569c5491da857c9f6b0

Download Submit
/usr/bin/fuznhzvjfm

Filesize
611KB

MD5
ff1e2f063623a3ea70862fa57546e616

SHA1
b717120d3a669a661b5a8722748e23ebcc9a0192

SHA256
74965ae315cb498d0f8edf2ea0c7f3b78cca7793bc3278e95a44cac2d9bbe504

SHA512
7528cf2d84243c4847e7b36ce62985262993fa295f7182b889a884cba0c78ec6f1bc6e47a6c29b9ff0b401e388a799eb3ea74f5fd5eaca1d7b3a276238ab5828

Download Submit
/usr/bin/gbvyshmztr

Filesize
611KB

MD5
4ff25af51a36b14ad4df12565e19a8cf

SHA1
29780ebc1030b851fb18efe03b2e839b7c018a66

SHA256
3810fbb6b19bafb111d366f9320876ac54043aaf1e3baa116451ffc0589e7ba0

SHA512
8c2bad9d06472a2dbe5f0e77f8d4d996986177c2c31dba9d67af195788c6049594bca2f72a25a2a1da627463eb7aa94849e61f7e6dffe3fb4473dee580a10f3f

Download Submit
/usr/bin/gsohtgsptx

Filesize
611KB

MD5
b976cc2755c5799647e469cda15eaf32

SHA1
29adecca4fc33ddd2e9d9514dada91be48b3a3d5

SHA256
3d66b5521fd427bc7dae7c6aab25383a60f507aafa6e8e87e502291667f3f1eb

SHA512
b5325c246175906e5976012fa248a638578db2898f6c630b11bf449c1f20414728ee487b2bbf62d66bbaa6ddf50cc5c944b0041ffd7de962a03e9890c962f80b

Download Submit
/usr/bin/ionztvzanv

Filesize
611KB

MD5
772e7b3beeece317f673a1cb225f1b46

SHA1
3dd297b919059d61a6b0e105e8c048692875eccd

SHA256
cb99b4d784daa6e21a4790d4fde55b221c226c33627d6d57e0c40ba68c9656ef

SHA512
ddb789f372454e4fe9eb81df65d40f77f353d278f27257f27563b5634bb948374d3c994abcf30f11202fb395da43f8c7f5ec489eb837413060f03c06befee0d0

Download Submit
/usr/bin/irhpylufcz

Filesize
611KB

MD5
a14c18747866c0de440b9a7e168b62a6

SHA1
eb9bf19c3c92fd0293a46cff34af97aca88cb215

SHA256
52bc6ca14af1c69022cf3f3e6ee2227404994e76d49e1864d795ed1cdf8907c4

SHA512
6d586f6543159db6b7db7a435fed25601a6d2d6717162a447d385edccbf9b3b591f9ee240881484f800f025e97530239b8bd523b1664fde8125681ae261caa5c

Download Submit
/usr/bin/ljjlbhgnei

Filesize
611KB

MD5
5b697c1061509bb52f223ffbb44e9f58

SHA1
bff697b62e2ef54a16f7dc046e4a909c59c256f8

SHA256
9489dd60ce3f7ccb1a3c0dbaae374527374da4f0b65624d78a3efda12dc8e594

SHA512
8e13e6be381f1b3dd18a06817b0c6b1bdf54189204192888e297a15012b7a043c428ce6c1d13cdc47c50518d00bf71256a8afbc55166ef7b586f087bf0e99e15

Download Submit
/usr/bin/mdjlxlsqgx

Filesize
611KB

MD5
579f654f2845e580bfd1a4d6d5b626fa

SHA1
02a3b1cd0154cd4d0b0677c14355922e20b09b36

SHA256
3e7eb89632f3f242d9b7374ad723d895c0c456cd23b685ae51964548bb4bb8ce

SHA512
258ff2ea2e02f25203f267b23323d507cdc50fd14edd51b04ed980a9be217cf8e09cd0b794601488908a737ea02241f118c340115dffad65095bc8d3e11ebecf

Download Submit
/usr/bin/mtlzblzszi

Filesize
611KB

MD5
9e857922ffecc511889e52a55ffce35a

SHA1
db3b1e2ca26ff5970ba1620db29aaf30278f7923

SHA256
e97c9e8640f416c14de88825021ce19e382c970477aa08dac6fd9c4bfa1b6f65

SHA512
425ddc523ec8d521f19952299d99efd8271d1c2a5d83606d4225721ac5f4ab5a5e4491a50bc5ba1b83609fe40c58be0d2284665c61c21c47dd7d50beb4fb17e7

Download Submit
/usr/bin/mzxhhtxgkg

Filesize
611KB

MD5
47fe4606df74cff7a5f5b15e11fa8dea

SHA1
47e4d83dcc451383dc221fd4eacae7ff00786f25

SHA256
2886d16a5f74c628639a42dbaada6bfdcc7216a36d8a6d0d1959b1fb3830e94d

SHA512
5ad0eb47e51c9ccb8e7c5fc2d12776208320a3e3c23295eaa3119a0c2ea7c28120037648c794c32f186f74d14335c345c040408addb46fdb64af8c8df50cc018

Download Submit
/usr/bin/qfquhhuatz

Filesize
611KB

MD5
b2251db0c2ad09576e6ef8629ed4357d

SHA1
e0559daee0920821780201e1eb61b18bb534120f

SHA256
f7bcd1486748df95226ca061ec3983cc02630c94920c0a4598200f79a393ce8e

SHA512
c12191bc2811073c9b29d14ea9f894a54de2bdc29323fae7bf093b28a737db169beebb03c5ecb3f40cf52c22ccf470dbc22ac0d0e8952ef4536c8e855a51cb3d

Download Submit
/usr/bin/swdsbsxzbd

Filesize
611KB

MD5
0e2e565d7086494a5e15528ded93d86f

SHA1
4796bc069536f5712f361e28e6bc2bd89553f157

SHA256
fe9cb90b72586da07ad0722edadec8d04dc02af1404e71a4a0e394ce8e89e538

SHA512
0ee105b23ee19d8b69d3ba521e066c35bd3f280cd2d37a16c63125f949e0b3f562e5c1d88b6e1ecd18e54c4fa9d02004bf355e921045cdb15afe84b0826890ba

Download Submit
/usr/bin/uchmtmklzk

Filesize
611KB

MD5
49d196478cc588046cf704aec46d0d79

SHA1
f1e6c5ef15856e4655a7d1e242f0b50c6a12672a

SHA256
a6177d32c02ff094f9a499f0fa3f5bb2c7af658801f65b5917acf1cf93149cd0

SHA512
f948a1c67278f2107a24aa1fdb5d3d4ddfb458b597db5d7a0ff8de1bfa9a6e11755bb16ec8e2af9155fefae25122d37fd445e8ea0ac8d3b296a1300de4647a05

Download Submit
/usr/bin/utpzoihpgq

Filesize
611KB

MD5
21a4db3b94bfdf727855ecb7ab4804e7

SHA1
ab0d11047cc7743d2739ebbe7d68dd1bae731567

SHA256
a2437808d0e15626ce8fd394a6e10bc5afe8f7d15959ec216b1d06544c7e667a

SHA512
fea3e97a61ef3713548ca947f849049bbcb589e6bf451ffbb66624a148322079db40d8f7d19be4de83a77c28de3f48d770d7c57e70af352b9f1ceea9365ef551

Download Submit
/usr/bin/vjvnfljioz

Filesize
611KB

MD5
ae75569633a29c8c9da1037fc70e177f

SHA1
e40ca6b5bd75c24055543c8919aa88014fa86002

SHA256
9027316844f6c5cf5e99681efff06d7f2a775fb2dc18d9e8ad02ef61d61a30c9

SHA512
65c296ce37ecf4d3022a417510040c617c01f3966b9bd97f04ac89d714c975e7aaa13bd6e0a8cf58f8a421b6fb0538b3ce12e93a4635a0fef75dfcbcb78f0715

Download Submit
/usr/bin/vnoanngyme

Filesize
611KB

MD5
de1db9813cd52b4b4be57bacf61592ad

SHA1
29ae5030acaf1118e19e8af6a774f831ed2b1f76

SHA256
eea063ee678c5fc0eebfe273e6c2af4bd172910b21f45eb3ae16fc3bedd1dc9b

SHA512
24ac2f1b314ee216932dc30266c060fd2fcb117b5a8c17cd7cbd31427b3def977b0281b90f54572498bde6cefbb891a3baf370f4ac7cffaf771f0e231011cfce

Download Submit
/usr/bin/voszaztisb

Filesize
611KB

MD5
e672b863c83fe9da403796b7de0d7500

SHA1
4c0e20b60886c6d180c2e4d0dfe956b6a2bbfe28

SHA256
65e06a02c7324087bdc85d72ae4898ba5ca0d1c6fb64cc844c40eb4923bb7fc7

SHA512
d2d33389f6e3a44c47f41778d2e4f0e18d61145c6a9089880b2e511250948da1447cb89621779ec53d018fb1981310527f9d3d41ed9774b40e2af7d8cc9392fa

Download Submit
/usr/bin/xuqqtbuwlw

Filesize
611KB

MD5
31f702da0dfe4c49edd57e3658b4ae41

SHA1
509cb963a22c00922ac91a45e26e385bfdc317e6

SHA256
e5d73c88513eb2ae7df08e9f65affcc0a981024d86c6469ab6fee20a3904a1f5

SHA512
72967ea14d23253b3cef50245e0502edf4fa6ee776813332fee319fb91dc849e61f09da86253b358b0c6131a2338991b26439df3e6219dbc0082d2f20b497a6f

Download Submit
/usr/bin/ylsgqgskix

Filesize
611KB

MD5
b9c22b56e2203b12008580dc312f6f45

SHA1
fa277b2200b861adfc9265bbf12fe72d0e064fbb

SHA256
e39a0c8967bf2e3d81abb55a49730eaad6fb6b483a81fa9282e3b96be774a95d

SHA512
14785bfa6f5130f7aea4a3393d90ee8134b0d576f757454f9e36b26d211800107d9385e1622a5dd72c2198e08d6ccc8e818b66d747fa8ca4ffc9976a05ced4c6

Download Submit
/usr/bin/yynbuorgzx

Filesize
611KB

MD5
c90f8aa26ad9ad7b34e3d1f942989b05

SHA1
391a1311aafdfc873248943fa16bbae32d84f275

SHA256
f55324d4891f403babe939951385c9c29bc62e156bc2259fde5aa78152f5dcc3

SHA512
97c5921a03affc76993c620661c6b19a25d5802dbc70b7f4fe0851a3101f7e5f636212994b7d9e6c5e1dae7ce4a78c5427082e5fd8fedad35a1c448ef3de3ccc

Download Submit
/usr/bin/zesolszypr

Filesize
611KB

MD5
375874ada6ce12f30f0c0ae55923d3ba

SHA1
a12f2aefaf21361700b858708453d7b686517f88

SHA256
5fd2f092064cf45de773f4d04463abea7cde73536e5b0f020ad8075e3831c0ec

SHA512
574c0286283e322fbe3e500ca4d8fdb657b1c5fbb1c782d8296c61102d8ba4a1860cddb18b25ea2869aff808e9c829d3fe6d1995fb245da7864b06ba7a0b36f0

Download Submit
/usr/bin/zplkcqapno

Filesize
611KB

MD5
79e3b2c80186f6bf27a85b06ca0f2c8f

SHA1
a8fb722c8313f6b58bcf82b7962de2e202b765f5

SHA256
8c94ab935fd1e90a29e6b5a491ef35597e97a5392a33ac6a3b0331a40ee4eeda

SHA512
2c7fededc27b34e6f517a561f9c4a865e317cf7ead9909f89a938aab5742a6a4eb04c280d0eb78b3b0ed7c45e74150c2a46207bd9cc7e19374a4fb3eb08afc49

Download Submit
/usr/bin/zrncgbgjdq

Filesize
611KB

MD5
f55bba0b5ab1ef980fadd530365ed916

SHA1
5dc5c65f1ab2b7f0c711ba73ec870370705e7a67

SHA256
2e107eaeab67183fded51d2b4882044d2361085ab16cd3429392c8cbbbb0fac4

SHA512
b8db102721593097d5267499e168f1fa3fdb150077cc131004e0ee89cbd7c066cbfcf7d4c0b0c92bca257d987951bb6279664471b849e400b15c03e357bc0ae3

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
a2792875c6a476bcb0256aba2a50bf7b

SHA1
571b871cb0f284489c28d9fc72057d6beef77057

SHA256
f0925a77cf0d973c935b9f65051bd27bf75887949adc3a06350210a2523961d9

SHA512
29aa5d8f29a0e3e8fc10cf2b8d457ffddd7c518c6eed3b8270a3387f463a550a4e3a3b75c678ce3abba3190f4a8607953d0e77139fb65266d29a6ccd907f000b

Download Submit

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v16

Replay Monitor

Loading Replay Monitor...

Downloads