A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32132  by r0ny
 Fri Sep 21, 2018 3:58 pm
Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows

ref:https://researchcenter.paloaltonetworks ... x-windows/

IOCs:

Thanks,
 #32135  by Antelox
 Sat Sep 22, 2018 11:09 am
BR,

Antelox
 #32177  by nimaarek
 Tue Oct 09, 2018 1:58 pm
Hi everyone,
I do not know why I cannot reply in the Xbash topic!
http://www.kernelmode.info/forum/viewto ... =21&t=5225
Why should this topic be locked?
Anyway, I did research about Xbash malware that I encountered in these files and I share them with you.
rootv2.sh : 9dfbc591c3c5a157828469fd3776846a
r88.sh : 495F345641227D258B92E0BB83019FAA
 #32178  by EP_X0FF
 Tue Oct 09, 2018 2:14 pm
All topics moved to Completed Malware Requests are automatically locked for further replies. This is by design. Topics now joined and moved to Malware.