General
-
Target
6488dcbdcea8b92132925c0561cbb5dd
-
Size
611KB
-
Sample
240118-fptv5adbcr
-
MD5
6488dcbdcea8b92132925c0561cbb5dd
-
SHA1
317404379d9c763ccd2930a4cc159c55856edf13
-
SHA256
e19635381b2d291f2d2217efd78b80ad97d7ef34bfcbf10a4877263cfa7c9669
-
SHA512
268d67117e4e0b03287c70ce871171e373fe8c404adaacffd9eadccfe095c14b3f1d637f04254bdc54008420f370ec566516c55a5dcf1eb1aa73f795552fbae0
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrpT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNpBVEBl/91h
Malware Config
Extracted
xorddos
http://aa.hostasa.org/config.rar
cdn.search2c.com:53
cdn.netflix2cdn.com:53
-
crc_polynomial
EDB88320
Targets
-
-
Target
6488dcbdcea8b92132925c0561cbb5dd
-
Size
611KB
-
MD5
6488dcbdcea8b92132925c0561cbb5dd
-
SHA1
317404379d9c763ccd2930a4cc159c55856edf13
-
SHA256
e19635381b2d291f2d2217efd78b80ad97d7ef34bfcbf10a4877263cfa7c9669
-
SHA512
268d67117e4e0b03287c70ce871171e373fe8c404adaacffd9eadccfe095c14b3f1d637f04254bdc54008420f370ec566516c55a5dcf1eb1aa73f795552fbae0
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrpT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNpBVEBl/91h
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Deletes itself
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-