Extracted

• • Target

    765f43adb33f4b603b73d61612fe4f7e

  • Size

    610KB

  • MD5

    765f43adb33f4b603b73d61612fe4f7e

  • SHA1

    20169da4ccc0d5b9b7a223461528de0d0eac9309

  • SHA256

    e38c5cf4542a8c885ae310ed03b3ce8cfb46f3d92cd7da2f54c19cfda6152345

  • SHA512

    bc4e47dfe75fa21b8d65fc229bab795d1f49388c00de7574ef8d5fcda1c01adfa31c1ca44c072c8bb25507c533399af2c8be6692145b5da08e307a6fab6a7ac7

  • SSDEEP

    12288:WBmHsnhar0nJ7FGY5HRYxC1mqiL40qFCWU7k/rU6yZNnXgW4UlUuTh1AG:WBmHgaUVFGAR11mTL40q/lGpXgUl/91h

  Score

  10^/10

  xorddosbotnetdownloaderpersistence

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos

  • XorDDoS payload

  • Deletes itself

  • Executes dropped EXE

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence

  • Write file to user bin folder

  behavioral1