General
Target: 76b7d3ea85670884d680736ba9321ae2
Size: 647KB
Sample: 231220-bazevadcek
MD5: 76b7d3ea85670884d680736ba9321ae2
SHA1: 0adecbd972cf29c6b0f0fe94747a07d7f172a2f4
SHA256: c2b9c35d9cf82d758ee678c733f5b180b7eb520e3aeef7c7fef373a537e7f359
SHA512: b435bccd4ca21a769d8b23cc3064762951569087e9c53e514d628149e5b465f51a3bfd0ce73b38132a8205113dd17734538fd9bf97f3b1d2150c51a8b96ac035
SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Ton/p6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1m/6wvnDWXMN
Behavioral task
behavioral1
Sample: 76b7d3ea85670884d680736ba9321ae2
Resource: ubuntu1804-amd64-20231215-en
Malware Config
Extracted: xorddos
http://info1.3000uc.com/b/u.php
aaaaaaaaaa.re67das.com:5859
222.187.238.16:2897
xiaoji12.top:2897
crc_polynomial: EDB88320
Targets
Target: 76b7d3ea85670884d680736ba9321ae2
Size: 647KB
Score: 10/10
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Deletes itself
Executes dropped EXE
Unexpected DNS network traffic destination
Network traffic on the DNS port to servers other than the configured DNS servers was detected.
Creates/modifies Cron job
Cron runs tasks on a schedule and is commonly used for malware persistence.