Source: /usr/bin/gqczobuacc |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/jjltawydwf |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/rlyjyybyum |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/ouhdchrbdz |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/tjdqviitkh |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/nyavevzqtw |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /lib/libudev.so |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/ctrygxclrx |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/aspbnnkmso |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/fcxqfstrdm |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/uoewtvxqdd |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/dxeguomyxc |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: /usr/bin/lgnmbyzzlq |
Avira: detection malicious, Label: LINUX/Xorddos.cona |
Source: 4ljhdTTyiA |
Virustotal: Detection: 66% |
Source: 4ljhdTTyiA |
Metadefender: Detection: 62% |
Source: 4ljhdTTyiA |
ReversingLabs: Detection: 72% |
Source: /usr/bin/gqczobuacc |
Joe Sandbox ML: detected |
Source: /usr/bin/jjltawydwf |
Joe Sandbox ML: detected |
Source: /usr/bin/rlyjyybyum |
Joe Sandbox ML: detected |
Source: /usr/bin/ouhdchrbdz |
Joe Sandbox ML: detected |
Source: /usr/bin/tjdqviitkh |
Joe Sandbox ML: detected |
Source: /usr/bin/nyavevzqtw |
Joe Sandbox ML: detected |
Source: /lib/libudev.so |
Joe Sandbox ML: detected |
Source: /usr/bin/ctrygxclrx |
Joe Sandbox ML: detected |
Source: /usr/bin/aspbnnkmso |
Joe Sandbox ML: detected |
Source: /usr/bin/fcxqfstrdm |
Joe Sandbox ML: detected |
Source: /usr/bin/uoewtvxqdd |
Joe Sandbox ML: detected |
Source: /usr/bin/dxeguomyxc |
Joe Sandbox ML: detected |
Source: /usr/bin/lgnmbyzzlq |
Joe Sandbox ML: detected |
Source: /tmp/4ljhdTTyiA (PID: 4554) |
Reads CPU info from proc file: /proc/cpuinfo |
Source: Traffic |
Snort IDS: 2021022 ET TROJAN Wapack Labs Sinkhole DNS Reply 8.8.8.8:53 -> 192.168.2.20:44091 |
Source: Traffic |
Snort IDS: 2021336 ET TROJAN DDoS.XOR Checkin via HTTP 192.168.2.20:50586 -> 23.253.46.64:80 |
Source: Traffic |
Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.20:39688 -> 204.11.56.48:53 |
Source: Traffic |
Snort IDS: 2020381 ET TROJAN DDoS.XOR Checkin 192.168.2.20:40742 -> 104.161.25.33:53 |
Source: global traffic |
TCP traffic: 192.168.2.20:39688 -> 204.11.56.48:53 |
Source: global traffic |
TCP traffic: 192.168.2.20:40742 -> 104.161.25.33:53 |
Source: global traffic |
HTTP traffic detected: GET /config.rar HTTP/1.1Accept: */*Accept-Language: zh-cnUser-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; TencentTraveler ; .NET CLR 1.1.4322)Host: aaa.dsaj2a.orgConnection: Keep-Alive |
Source: unknown |
DNS traffic detected: queries for: aaa.dsaj2a.org |
Source: global traffic |
HTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/7.5X-Powered-By: ASP.NETDate: Mon, 19 Jul 2021 22:23:38 GMTContent-Length: 1245 |