General
- Target: 23s.exe
- Size: 549KB
- Sample: 230701-hbq87agg6s
- MD5: 63d6cd74a7cd01bf3a3921c36e90237f
- SHA1: f697783da228c7787cf1c6a67a10a8c065d6aaa7
- SHA256: 4f02cc4d5426b63e3eca3ada3c9a8a111a952c0e373c5500519ea8eea5ade853
- SHA512: 51b1aef53c8277b8700630b144f15c9a41df358a43d71ef0b9352bbdf71c8777774f1ef1e361c8c95930143b54fcde590885242df3da60dce5b1a1d3761e2db3
- SSDEEP: 12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
Behavioral task: behavioral1
- Sample: 23s.exe
- Resource: ubuntu1804-amd64-en-20211208
Malware Config
- Extracted: xorddos
- www.imagetw0.com:889
- www.myserv012.com:889
- http://qq.com/lib.asp
- crc_polynomial: CDB88320
Targets
- Target: 23s.exe
Score: 10/10
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- XorDDoS payload
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Enumerates active TCP sockets
  Gets active TCP sockets from the /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Writes file to system bin folder