MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 60d6733c1940b62f13cfe42d34c0c43aa73f3b8822d8c21cad5d3ebd6b9f94e2. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 60d6733c1940b62f13cfe42d34c0c43aa73f3b8822d8c21cad5d3ebd6b9f94e2
SHA3-384 hash: 2e51b01040171ca357cff31dd10391304bc59617a2222cc654cb4ef339ca146d955c4e633edc232773c4665886dd9d32
SHA1 hash: ac79ba5fd6618edf16c5c3e5d4f91576f7dbbb1a
MD5 hash: b35918ab7dd7b7582fd45ee3144baff4
humanhash: echo-carbon-avocado-washington
File name: 60d6733c1940b62f13cfe42d34c0c43aa73f3b8822d8c21cad5d3ebd6b9f94e2
File size: 562'240 bytes
First seen: 2021-03-30 12:05:11 UTC
Last seen: 2021-05-05 09:57:00 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
TLSH: E0C45C06E243A2F7D82705B0128BF7BF4630F63584529DC6B7949E5AB9338F26A4D353
telfhash: 75c127332ab158a8b7f04c06936a7220ce39e02759d03ab51df2a490b7b2d536775d79
Reporter: c0r3dump3d1
Tags: Evader


c0r3dump3d1
Hunted in Cowrie SSH honeypot

Intelligence


File Origin
Number of uploads: 4
Number of downloads: 102
Origin country: n/a

Vendor Threat Intelligence

Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.XorDDoS
Status: Malicious
First seen: 2021-03-29 19:36:55 UTC
AV detection: 10 of 20 (50.00%)
Threat level: 5/5

Result
Malware family: n/a
Score: 9/10
Tags: linux persistence
Behaviour:
Writes file to tmp directory
Modifies rc script
Writes file to system bin folder

Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Web download

elf 60d6733c1940b62f13cfe42d34c0c43aa73f3b8822d8c21cad5d3ebd6b9f94e2 (this sample)
Delivery method: Distributed via web download

Comments