General

  • Target

    7beb45f0c5ee36d3747d9ab65eb1060e

  • Size

    546KB

  • Sample

    231220-cdx7mafegl

  • MD5

    7beb45f0c5ee36d3747d9ab65eb1060e

  • SHA1

    2090ef27619730d7211bd5ee195f2bd896e4b171

  • SHA256

    03dde01384ac22b34f623f25d5c8ea284f8fb58e48a8d58efa4869b97479759e

  • SHA512

    74c2f2b67a5d72c0c449db61693059aba161446bb3acf09e4eade547c5361eae065d9e64d5ffd0fabb054192ccdbbec6a30d9af00ddec3ee6588b36725ee2f88

  • SSDEEP

    12288:D3P1A0+Kvdnd4Asvhc27/ao+PzENGtkZg0/CedRlZRqR6yse:Dfm0+KlZsJc27io2zYGtk20/LdF0+

Malware Config

Extracted

Family

xorddos

C2

topbannersun.com:8623

wowapplecar.com:8623

Attributes

  • crc_polynomial

    CDB88320

  • xor.plain

Targets

    • Target

      7beb45f0c5ee36d3747d9ab65eb1060e

    • Size

      546KB

    • MD5

      7beb45f0c5ee36d3747d9ab65eb1060e

    • SHA1

      2090ef27619730d7211bd5ee195f2bd896e4b171

    • SHA256

      03dde01384ac22b34f623f25d5c8ea284f8fb58e48a8d58efa4869b97479759e

    • SHA512

      74c2f2b67a5d72c0c449db61693059aba161446bb3acf09e4eade547c5361eae065d9e64d5ffd0fabb054192ccdbbec6a30d9af00ddec3ee6588b36725ee2f88

    • SSDEEP

      12288:D3P1A0+Kvdnd4Asvhc27/ao+PzENGtkZg0/CedRlZRqR6yse:Dfm0+KlZsJc27io2zYGtk20/LdF0+

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Deletes itself

    • Executes dropped EXE

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15