Extracted

• • Target

    5602159b146889a8d8f73317cd07c88c

  • Size

    544KB

  • MD5

    5602159b146889a8d8f73317cd07c88c

  • SHA1

    7d27cf3a17a76da44da1b17258cd4768c6d6a2ce

  • SHA256

    42d1a53a951c417d9ecfee401060e7eb6cdc7f1eee2199fc301bc954294a94a2

  • SHA512

    63bba00e8d0965e49ac39d6fba2d3b3069299ef786ad805732ac5bd25e02718b94ac6f7f2ed8ab109966a0828ca249cd96aebd59cbd80d28c9469db1e9aae68a

  • SSDEEP

    12288:JbinNy0Y1nvEtXBx6DkkJmAGyPexU279WnjVZ6ySWK:1iNy0evmxvkJmApPexUm9cVE

  Score

  10^/10

  xorddosbotnetdownloaderpersistence

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos

  • XorDDoS payload

  • Deletes itself

  • Executes dropped EXE

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence

  • Writes file to system bin folder

  behavioral1