xorddos | 0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b | Triage

Submit
Reports

Overview

overview

Static

static

d1b5b4b4b5...14ac3f

ubuntu-18.04-amd64

Sharing

General

Target

d1b5b4b4b5a118e384c7ff487e14ac3f
Size

611KB
Sample

231222-sgv5faehgr
MD5

d1b5b4b4b5a118e384c7ff487e14ac3f
SHA1

038b7e9406fe5cb0a0be8f95ac935923c6d83c28
SHA256

0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b
SHA512

20885f782beeca1712924d6dec7fa474fb2fa7f926d7cbdbdd5f7fa18f6a3ac2bcd5dbd771a80c13c3403cbad05f2cda86ffefdc8170d6cc0f0b4b01a5baec74
SSDEEP

12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiLx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhLfNiGQl/91h

Score

10^/10

xorddos botnet downloader linux persistence

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

d1b5b4b4b5a118e384c7ff487e14ac3f

Resource

ubuntu1804-amd64-20231215-en

xorddos botnet downloader persistence

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

xorddos

C2

http://aa.hostasa.org/game.rar

ns3.hostasa.org:3309

ns4.hostasa.org:3309

ns1.hostasa.org:3309

ns2.hostasa.org:3309

Attributes

crc_polynomial
EDB88320

xor.plain

Targets

- Target
  
  d1b5b4b4b5a118e384c7ff487e14ac3f
- Size
  
  611KB
- MD5
  
  d1b5b4b4b5a118e384c7ff487e14ac3f
- SHA1
  
  038b7e9406fe5cb0a0be8f95ac935923c6d83c28
- SHA256
  
  0a312a4154dcec2bc6ce1d3b51c037b122ace5848ec99c2b861ab6124addae9b
- SHA512
  
  20885f782beeca1712924d6dec7fa474fb2fa7f926d7cbdbdd5f7fa18f6a3ac2bcd5dbd771a80c13c3403cbad05f2cda86ffefdc8170d6cc0f0b4b01a5baec74
- SSDEEP
  
  12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiLx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhLfNiGQl/91h
Score

10^/10

xorddos botnet downloader persistence
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
  botnet downloader xorddos
- XorDDoS payload
- Deletes itself
- Executes dropped EXE
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Scheduled Task/Job

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xorddosbotnetdownloaderpersistence

© 2018-2024

Terms | Privacy