Resubmissions

Submitted          Analysis ID          Score
22/05/2025, 03:10  250522-dn9h3sfn3z    6
22/05/2025, 02:51  250522-dcdx2afk3z    6
21/05/2025, 02:52  250521-dc448adp7x    10
21/05/2025, 02:41  250521-c6f4tadn8z    6
21/05/2025, 02:34  250521-c2k7zavn16    6
21/05/2025, 02:05  250521-ch6dsseq7s    7
21/05/2025, 01:50  250521-b9hw5sxly5    6
21/05/2025, 01:41  250521-b39raaxls5    6
17/05/2025, 09:35  250517-lkf2csck5t    6
17/05/2025, 09:19  250517-laaftscj51    6

General
Target: visual.exe
Size: 12.2MB
Sample: 250521-dc448adp7x
MD5: a6de62fc30088488d483b7f88893e62c
SHA1: 26e5752bdf7406cd554403afb4d969ceb1cc380e
SHA256: ef12d7c8167d4fe2d79a8faf27c2c681801e1d72f7ee2c8836ee665a78390a50
SHA512: 9439d997290dd91a7c736db32ad1d4cc50437e96b3999ae62b7afd957736c828a3d20080a453384d2ca4ee474bc37ab41af75ddda45eea9fb9ee883de5f93d10
SSDEEP: 98304:8xJmTXY7HrDPO7cbCYX3hwWAe0hb9fTTrADkS8KZR+Mk4PcE9ORt50:8xJJPCcbCC3hZqhxTrADkS8m/kIQtK

Static task: static1

Malware Config

Targets
Target: visual.exe (12.2MB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
- XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices. Matched as "XorDDoS payload" and family "Xorddos". XorDDoS is a Linux (ELF) family while the analysed target is a Windows PE, so the family match should be confirmed against the actual downloaded or embedded payload before the sample is classified as XorDDoS.
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Downloads MZ/PE file
- Checks BIOS information in registry: BIOS information is often read in order to detect sandboxing environments.
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system: looks up Uninstall key entries in the registry to enumerate software on the system.
- Checks whether UAC is enabled
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtSetInformationThreadHideFromDebugger: calling NtSetInformationThread with the ThreadHideFromDebugger information class stops the thread from delivering debug events to an attached debugger, a common anti-debugging technique.
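The behaviour signatures above are produced by matching rules over the sandbox's API-call trace. The following is an added example of how such rules work, written for this page; it is not the sandbox's own signature engine, and the event format, the registry paths and value names it looks for, the dropped-file correlation, and the constructed trace it runs on are all assumptions. It covers the host-side signatures (VirtualBox ACPI keys, BIOS values, Uninstall enumeration, EnableLUA, ThreadHideFromDebugger, and dropped-EXE/DLL correlation); the network signatures (MZ/PE download, abused hosting) would need a separate traffic log and are not modelled.

```python
"""Miniature behaviour-signature matcher over a sandbox API trace (added example)."""
import re

# ThreadInformationClass value for ThreadHideFromDebugger (documented Windows constant).
THREAD_HIDE_FROM_DEBUGGER = 0x11

# Constructed API-call trace, not taken from the report. Each event is one hooked call.
SAMPLE_TRACE = [
    {"api": "RegOpenKeyExW", "args": {"key": r"HKLM\HARDWARE\ACPI\DSDT\VBOX__"}},
    {"api": "RegQueryValueExW", "args": {"key": r"HKLM\HARDWARE\DESCRIPTION\System",
                                          "value": "SystemBiosVersion"}},
    {"api": "RegEnumKeyExW", "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall"}},
    {"api": "RegQueryValueExW", "args": {"key": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System",
                                          "value": "EnableLUA"}},
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x2}},   # ThreadPriority: benign
    {"api": "NtSetInformationThread", "args": {"ThreadInformationClass": 0x11}},  # ThreadHideFromDebugger
    {"api": "WriteFile", "args": {"path": r"C:\Users\Public\dropped.exe"}},
    {"api": "WriteFile", "args": {"path": r"C:\Users\Public\helper.dll"}},
    {"api": "CreateProcessW", "args": {"path": r"C:\Users\Public\dropped.exe"}},
    {"api": "LoadLibraryW", "args": {"path": r"C:\Users\Public\helper.dll"}},
    {"api": "CreateProcessW", "args": {"path": r"C:\Windows\System32\cmd.exe"}},  # not a dropped file
]

REG_READ_APIS = {"RegOpenKeyExW", "RegQueryValueExW", "RegEnumKeyExW", "RegEnumValueW"}


def _key(ev):
    return ev["args"].get("key", "")


def rule_vbox_acpi(ev, state):
    # VirtualBox leaves its OEM ID under the ACPI table keys; hypothetical path list.
    return ev["api"] in REG_READ_APIS and re.search(
        r"\\HARDWARE\\ACPI\\(DSDT|FADT|RSDT)\\VBOX__", _key(ev), re.I) is not None


def rule_bios_registry(ev, state):
    return (ev["api"] == "RegQueryValueExW"
            and _key(ev).upper().endswith(r"\HARDWARE\DESCRIPTION\SYSTEM")
            and ev["args"].get("value", "").lower()
            in ("systembiosversion", "videobiosversion", "systembiosdate"))


def rule_uninstall_enum(ev, state):
    return ev["api"] in REG_READ_APIS and r"\CURRENTVERSION\UNINSTALL" in _key(ev).upper()


def rule_uac_check(ev, state):
    return (ev["api"] == "RegQueryValueExW"
            and _key(ev).upper().endswith(r"\POLICIES\SYSTEM")
            and ev["args"].get("value", "").lower() == "enablelua")


def rule_hide_from_debugger(ev, state):
    return (ev["api"] == "NtSetInformationThread"
            and ev["args"].get("ThreadInformationClass") == THREAD_HIDE_FROM_DEBUGGER)


def rule_executes_dropped_exe(ev, state):
    # Stateful: only fires for a path this process wrote earlier in the trace.
    return ev["api"] == "CreateProcessW" and ev["args"].get("path", "").lower() in state["written"]


def rule_loads_dropped_dll(ev, state):
    return (ev["api"] in ("LoadLibraryW", "LoadLibraryExW")
            and ev["args"].get("path", "").lower() in state["written"])


RULES = {
    "Identifies VirtualBox via ACPI registry values": rule_vbox_acpi,
    "Checks BIOS information in registry": rule_bios_registry,
    "Checks installed software on the system": rule_uninstall_enum,
    "Checks whether UAC is enabled": rule_uac_check,
    "Suspicious use of NtSetInformationThreadHideFromDebugger": rule_hide_from_debugger,
    "Executes dropped EXE": rule_executes_dropped_exe,
    "Loads dropped DLL": rule_loads_dropped_dll,
}


def match_signatures(trace):
    """Return {signature name: index of the first event that triggered it}."""
    state = {"written": set()}
    hits = {}
    for idx, ev in enumerate(trace):
        if ev["api"] in ("WriteFile", "NtWriteFile"):
            state["written"].add(ev["args"].get("path", "").lower())
        for name, rule in RULES.items():
            if name not in hits and rule(ev, state):
                hits[name] = idx
    return hits


if __name__ == "__main__":
    for name, idx in match_signatures(SAMPLE_TRACE).items():
        print(f"[{idx:2}] {name}")
```

The dropped-file rules illustrate why such signatures need state: a CreateProcessW of cmd.exe is not interesting on its own, but executing a path the same process just wrote is. Real engines also key on process identity, handle values and timing, which this example omits.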