MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 4f159f6a745752e3211ca1146830c86075fd8f5db60f704605a57db904dcf5c5. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

RedXOR

Vendor detections: 6

Intelligence 6 IOCs YARA File information Comments

SHA256 hash:	4f159f6a745752e3211ca1146830c86075fd8f5db60f704605a57db904dcf5c5
SHA3-384 hash:	c56a06fb919c16dde3f43110527d932498ebb716c26154cb27e30b9160824873229a7d825ee8c994faed65194ceceecc
SHA1 hash:	b2d16fe2fdc74875c52a5d7752326a4ab6179160
MD5 hash:	e35bcfc1b7c148650c55d8969abb378c
humanhash:	eleven-leopard-stream-mirror
File name:	4f159f6a745752e3211ca1146830c86075fd8f5db60f704605a57db904dcf5c5.bin
Download:	download sample
Signature	RedXOR Create hunting rule
File size:	53'901 bytes
First seen:	2021-05-24 00:22:26 UTC
Last seen:	Never
File type:	elf
MIME type:	application/x-executable
ssdeep	768:ywbjcMw77sDM+OMUr81HaK3zhhXGJ4J2LpIRn6ICqT8IFNca/yvZYy:ywFwHdHm6knWJ4J2qRn6ICqoIFB/mYy
TLSH	E033C61BA626C97EC0D5F5740FDB8AA0A0E274F44F36714B32011BB76D927A40F1E76A
telfhash	aff09e01f93e9b1456fb0430cc0847a68047a706d1366f61eff5e9c0843a91a9224b5e
Reporter	Arkbird_SOLG
Tags:	apt RedXOR Winnti

Intelligence

File Origin

# of uploads :

# of downloads :

192

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

Unix.Trojan.Redxor-9844791-0

Verdict:

Malicious

Uses P2P?:

false

Uses anti-vm?:

false

Architecture:

x86

Packer:

not-packed

Botnet:

Number of open files:

150

Number of processes launched:

Processes remaning?

false

Full report:

https://elfdigest.com/brief/4f159f6a745752e3211ca1146830c86075fd8f5db60f704605a57db904dcf5c5

Behaviour

Persistence

Botnet C2s

Result

Verdict:

MALICIOUS

Malware family:

RedXOR

Verdict:

Malicious

Link:

https://analyze.intezer.com/analyses/d6500ebf-4d87-42a5-be10-507bfce3d699

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/4f159f6a745752e3211ca1146830c86075fd8f5db60f704605a57db904dcf5c5/

Threat name:

Linux.Backdoor.RedXOR

Status:

Malicious

First seen:

2021-03-25 09:53:12 UTC

AV detection:

15 of 29 (51.72%)

Threat level:

5/5

Result

Malware family:

n/a

Score:

8/10

Tags:

linux persistence

Link:

https://tria.ge/reports/210524-jj7764nxqn/

Behaviour

Reads runtime system information

Modifies init.d

Modifies hosts file

Writes DNS configuration

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Siggen

Score:

0.80

Link:

https://yomi.yoroi.company/submissions/4f159f6a745752e3211ca1146830c86075fd8f5db60f704605a57db904dcf5c5

File information

The table below shows additional information about this malware sample such as delivery method and external references.

No further information available

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample