General
- Target: clcghvuyu
- Size: 549KB
- Sample: 240131-pc8cesbgd5
- MD5: c57833b58d55d499ef46663216a196d6
- SHA1: f9c5672d95b40c4c4ed68269c3b55035aa29d830
- SHA256: ae30644277ee1b1352839d218becb0f4cc18dedc62615600ab8c57a01ba5753c
- SHA512: 1b9f920ad78813c5aaf1a2345439e8630033582568a2dadf9665c183b7a1c8a7cd08212a86568ab41dcc94c958ee092d76d53836c085ce988c2e4f154cbf9e55
- SSDEEP: 12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmxi:VIv/qiVNHNDEfJKHZ8mG9QeeOi
Behavioral task
- behavioral1
- Sample: clcghvuyu
- Resource: ubuntu1804-amd64-20231215-en
Malware Config
- Extracted: xorddos
- crc_polynomial: CDB88320
Targets
- Target: clcghvuyu
Score: 10/10
- XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- XorDDoS payload
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination: Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Writes file to system bin folder