General
Target: f60e7e3d7e68fac8a5a5827974ff78f0
Size: 647KB
Sample: 231220-vxtyesghb2
MD5: f60e7e3d7e68fac8a5a5827974ff78f0
SHA1: 7bc91c75d85097f885ad507d8c6c7d8b6924b22e
SHA256: a518b18d18736dbf2f9c75442753dc9489e46cfc7fab169f80bff4b7bf09c625
SHA512: b99b7d4d7bb43ad175977fe9aff8d7cc9a3a3aac2258f5a28cb0edf92bf5b28a71c85ba90cb13b961662f1e486fd6a1312ad98af10bd5072533d08537216ee4d
SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Ton7p6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1m76wvnDWXMN

Behavioral task
behavioral1
Sample: f60e7e3d7e68fac8a5a5827974ff78f0
Resource: ubuntu1804-amd64-20231215-en

Malware Config
Extracted
xorddos
- http://info1.3000uc.com/b/u.php
- aaaaaaaaaa.re67das.com:5859
- vtqq.f3322.net:25
- bii.f3322.net:25
crc_polynomial: EDB88320

Targets
Target: f60e7e3d7e68fac8a5a5827974ff78f0
Size: 647KB
Score: 10/10

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

- XorDDoS payload
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.