MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6385b86b80ab8c43df5d6975a129edf940819b82bcaf6078edaa454704b44e03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry



Threat unknown


Vendor detections: 4



SHA256 hash: 6385b86b80ab8c43df5d6975a129edf940819b82bcaf6078edaa454704b44e03
SHA3-384 hash: 6403aa9f52f0c172c82e0a6421b2bf52ff3e3b774005cfbb16c429247e9c3a25a74c1ab12a387edc8279e986e6614e36
SHA1 hash: 19af3b91b19070956582eaefed9e93d4213712f0
MD5 hash: e3d1f5c7822bfd197df1c344b5b6a5a7
humanhash: speaker-alanine-stairway-red
File name: 6385b86b80ab8c43df5d6975a129edf940819b82bcaf6078edaa454704b44e03
File size: 562'240 bytes
First seen: 2021-03-22 12:37:57 UTC
Last seen: 2021-05-05 09:57:03 UTC
File type: elf
MIME type: application/x-executable
ssdeep: 12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
TLSH: 50C45C06E243A2F7D82705B0128BF7BF4630F63584529DC6B7949E5AB9338F26A4D353
telfhash: 75c127332ab158a8b7f04c06936a7220ce39e02759d03ab51df2a490b7b2d536775d79
Reporter: Anonymous


Anonymous
Capture SSH Cowrie honeypot

Intelligence


File Origin
# of uploads: 4
# of downloads: 94
Origin country: n/a
Vendor Threat Intelligence
Result
Verdict: MALICIOUS
Threat name: Linux.Trojan.XorDDoS
Status: Malicious
First seen: 2021-03-22 00:12:16 UTC
AV detection: 20 of 29 (68.97%)
Threat level: 5/5
Result
Malware family: n/a
Score: 9/10
Tags: linux persistence
Behaviour
Writes file to tmp directory
Modifies rc script
Writes file to system bin folder
Please note that we are no longer able to provide a coverage score for Virus Total.

File information


The table below shows additional information about this malware sample such as delivery method and external references.

Comments