MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat: unknown
Vendor detections: 5



SHA256 hash: 4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
SHA3-384 hash: f4d240ecf72a2e143792416a9453957bf07adfdf52e1582c8aa2744a25d21909ea339af453212787492e9a95841868da
SHA1 hash: f697783da228c7787cf1c6a67a10a8c065d6aaa7
MD5 hash: 63d6cd74a7cd01bf3a3921c36e90237f
humanhash: early-cold-whiskey-edward
File name: 4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
File size: 562'240 bytes
First seen: 2021-05-04 18:27:27 UTC
Last seen: 2022-07-16 05:07:59 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
TLSH: FAC45C06E243A2F7D82705B0128BF7BF4630F63584129DC6B7949E5AB9339F26A4D353
telfhash: 75c127332ab158a8b7f04c06936a7220ce39e02759d03ab51df2a490b7b2d536775d79
Reporter: parthdmaniar
Tags: Linux malware


parthmaniar
This malware file was captured on my SSH/TELNET honeypot. Give me a shoutout @parthmaniar on Twitter.

Intelligence

File Origin
# of uploads: 13
# of downloads: 96
Origin country: n/a

Vendor Threat Intelligence
Verdict: Malicious
Uses P2P?: false
Uses anti-vm?: false
Architecture: x86
Packer: not-packed
Botnet:
Number of open files: 22
Number of processes launched: 18
Processes remaining?: false
Behaviour:
  Persistence
  Information Gathering
Botnet C2s
TCP botnet C2(s):
  203.205.254.157:80
  173.254.217.214:889

Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.XorDDoS
Status: Malicious
First seen: 2021-04-21 18:37:00 UTC
AV detection: 19 of 29 (65.52%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: linux persistence
Behaviour:
  Writes file to tmp directory
  Modifies rc script
  Writes file to system bin folder

Please note that we are no longer able to provide a coverage score for VirusTotal.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Delivery method: Distributed via web download
File: elf 4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853 (this sample)

Comments