General
-
Target
3c49b5160b981f06bd5242662f8d0a54
-
Size
611KB
-
Sample
231222-a62z6sbdf2
-
MD5
3c49b5160b981f06bd5242662f8d0a54
-
SHA1
c50933e1f8a194e608049839707d8d698dd5caa5
-
SHA256
c394440c56fdcda9739fbb966e9ac2eab9e11e2eeff0720eb4c850a05b33eefc
-
SHA512
d947f1ecfb10002bc05bb6d1786758dfecb9000b94140128ccc9a68bd3a032ccb7360f27a3f7f522df856b372691bde46792975f6ac82c6fa0218d38b0d8488e
-
SSDEEP
12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Tikx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhkfNiGQl/91h
Behavioral task
behavioral1
Sample
3c49b5160b981f06bd5242662f8d0a54
Resource
ubuntu1804-amd64-20231222-en
Malware Config
Extracted
xorddos
http://aa.hostasa.org/game.rar
ns3.hostasa.org:3306
ns4.hostasa.org:3306
ns1.hostasa.org:3306
ns2.hostasa.org:3306
-
crc_polynomial
EDB88320
Targets
-
-
Target
3c49b5160b981f06bd5242662f8d0a54
-
Score
10/10
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Deletes itself
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-