MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 19f49c94e83ddfebd02212994df5d41b415a117b33cf864cc5571f23d563d86e. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



XorDDoS


Vendor detections: 4



SHA256 hash: 19f49c94e83ddfebd02212994df5d41b415a117b33cf864cc5571f23d563d86e
SHA3-384 hash: 9519f8a6fa0bd53e9dd7cb59d6005afee793a3437a4e09f545e708b140d0f218e879ff09c8902825de60a2dc4131c0b3
SHA1 hash: dd151367dba723573674cf051f173a044d33dd95
MD5 hash: ffaec83763521da2708becad6446f052
humanhash: alpha-autumn-five-pennsylvania
File name: 19f49c94e83ddfebd02212994df5d41b415a117b33cf864cc5571f23d563d86e
Signature: XorDDoS
File size: 562'240 bytes
First seen: 2021-03-27 21:49:56 UTC
Last seen: 2021-05-05 09:55:46 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
TLSH: 6CC45C06E243A2F7D82705B0128BF7BF4630F63584529DC6B7949E5AB9338F26A4D353
telfhash: 75c127332ab158a8b7f04c06936a7220ce39e02759d03ab51df2a490b7b2d536775d79
Reporter: c0r3dump3d1
Tags: elf Evader XorDDoS


c0r3dump3d1
Detected Cowrie Honeypot

Intelligence


File Origin
# of uploads: 4
# of downloads: 200
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.XorDDoS
Status: Malicious
First seen: 2021-03-25 10:03:57 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: linux persistence
Behaviour:
Writes file to tmp directory
Modifies rc script
Writes file to system bin folder

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

XorDDoS, elf, 19f49c94e83ddfebd02212994df5d41b415a117b33cf864cc5571f23d563d86e (this sample)

Delivery method: Distributed via web download

Comments