General
Target: 4354ecf6edd10d7625b429d765308ee2
Size: 543KB
Sample: 231222-bm1tfadef7
MD5: 4354ecf6edd10d7625b429d765308ee2
SHA1: a936a99d2fbcb2666dbf4dcadd9e89ceadacb971
SHA256: f17b59caed6d1c06938854996cd6064308f31ec88a39ff2553b52368f9a12384
SHA512: c561361f8d1f9a211cc2e08662ff88b99c53700d77da6603d227379f122525171ced92d00edb1c7b5cfc9825b02cd24a1a060367e775e9ed630f853a2bbb5f79
SSDEEP: 12288:1p+duTlNbCIn53vlJU0VkW3C3jyiXcsPl3D2KSKqfj6y1mC:r+ITlNblJ3UHW3CuiXcsPZDmKqfx7
Behavioral task: behavioral1
Sample: 4354ecf6edd10d7625b429d765308ee2
Resource: ubuntu1804-amd64-20231222-en
Malware Config
Extracted
xorddos
topbannersun.com:5616
wowapplecar.com:5616
crc_polynomial: CDB88320
Targets
Score: 10/10

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

XorDDoS payload

Deletes itself

Executes dropped EXE

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Writes file to system bin folder