General
Target: e83b8d304f6e712cf24817dc50723dfe
Size: 647KB
Sample: 231220-tz19vaedh2
MD5: e83b8d304f6e712cf24817dc50723dfe
SHA1: 1a2abe9d5fab204d10127e50f3877777bb8d3e87
SHA256: c6a4177e8bf1cba88b1a8d6c62f681031449b08ee805b5bf320439e771d84862
SHA512: d58742c54f001ff4950961190ce89ffb9025a482fc76ee59a50cdd88ece21cd1ee6a94c92683089c98cd041b430fd1d7b4805532df59903be297fa08164acf12
SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1TonXp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mX6wvnDWXMN
Behavioral task: behavioral1
Sample: e83b8d304f6e712cf24817dc50723dfe
Resource: ubuntu1804-amd64-20231215-en
Malware Config
Extracted: xorddos
http://info1.3000uc.com/b/u.php
www.linux8000.com:6666
168.1.131:3826
abcd.com:8080
crc_polynomial: EDB88320
Targets
Target: e83b8d304f6e712cf24817dc50723dfe
Score: 10/10
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- XorDDoS payload
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.