General
Target: 95efa79873f314005c30d9a1073ebea9
Size: 660KB
Sample: 231222-p9w1nadbbq
MD5: 95efa79873f314005c30d9a1073ebea9
SHA1: e06a22bf168f9522c79a2d7fcad4ae8ed961ea4b
SHA256: 66014710297270fcf37060d02b97c187573950416757a85644c7c22ce8469824
SHA512: 13680daa6ddb3283df0b8d21b4eb232602278b2d218274be0f2c0fbaf7bfd0fc593c50f14927c5a9cb00fd349cff6b4c0cfb4bb6fd771206e63fd36504605a6f
SSDEEP: 12288:yB6hZ/D+2wZn/Dj3y3NDghlVx3LxAnbZ4s36yT+VmgiZM+yqGTh5AZ2:yB6PL+2S/Dj0NDAVx3LxAnusjoiLyqGT
Behavioral task: behavioral1
Sample: 95efa79873f314005c30d9a1073ebea9
Resource: ubuntu1804-amd64-20231215-en
Malware Config
Extracted family: xorddos
C2 endpoints:
103.25.9.245:3504
103.240.141.50:3504
66.102.253.30:3504
ndns.dsaj2a1.org:3504
ndns.dsaj2a.org:3504
ndns.hcxiaoao.com:3504
ndns.dsaj2a.com:3504
crc_polynomial: EDB88320
Targets
Target: 95efa79873f314005c30d9a1073ebea9
Size: 660KB
MD5: 95efa79873f314005c30d9a1073ebea9
SHA1: e06a22bf168f9522c79a2d7fcad4ae8ed961ea4b
SHA256: 66014710297270fcf37060d02b97c187573950416757a85644c7c22ce8469824
SHA512: 13680daa6ddb3283df0b8d21b4eb232602278b2d218274be0f2c0fbaf7bfd0fc593c50f14927c5a9cb00fd349cff6b4c0cfb4bb6fd771206e63fd36504605a6f
SSDEEP: 12288:yB6hZ/D+2wZn/Dj3y3NDghlVx3LxAnbZ4s36yT+VmgiZM+yqGTh5AZ2:yB6PL+2S/Dj0NDAVx3LxAnusjoiLyqGT
Score: 10/10
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
Signatures:
XorDDoS payload
Deletes itself
Executes dropped EXE
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Checks CPU configuration
Checks CPU information that indicates whether the system is a virtual machine.