xorddos | 598d7c33cab88b9b475f822ecca744be2fea7fdd9b643c3060992d9b94667eda | Triage

Submit
Reports

Overview

overview

Static

static

7

c28220e173...861748

ubuntu-18.04-amd64

Sharing

General

Target

c28220e17321c219bc9799b98b861748
Size

247KB
Sample

240312-fmkvfahb2z
MD5

c28220e17321c219bc9799b98b861748
SHA1

5141c8bcdd85093350b5d3026ee0768186b11def
SHA256

598d7c33cab88b9b475f822ecca744be2fea7fdd9b643c3060992d9b94667eda
SHA512

ecc7fccc3297847032f32334c7e8720226e7c45bc3d8c70fff41b3ac1321bfbce7f122904b490b0da6c331eec64421aabf4abf90fa045a17524dc5db8a7eda68
SSDEEP

6144:JSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCDx/mqYs:YZRgUY/fsJcO1KOiXGes

Score

10^/10

xorddos botnet downloader linux persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

c28220e17321c219bc9799b98b861748

Resource

ubuntu1804-amd64-20240226-en

xorddos botnet downloader persistence upx

ubuntu-18.04-amd64

8 signatures

150 seconds

Malware Config

Extracted

Family

xorddos

Attributes

crc_polynomial
EDB88320

Targets

- Target
  
  c28220e17321c219bc9799b98b861748
- Size
  
  247KB
- MD5
  
  c28220e17321c219bc9799b98b861748
- SHA1
  
  5141c8bcdd85093350b5d3026ee0768186b11def
- SHA256
  
  598d7c33cab88b9b475f822ecca744be2fea7fdd9b643c3060992d9b94667eda
- SHA512
  
  ecc7fccc3297847032f32334c7e8720226e7c45bc3d8c70fff41b3ac1321bfbce7f122904b490b0da6c331eec64421aabf4abf90fa045a17524dc5db8a7eda68
- SSDEEP
  
  6144:JSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCDx/mqYs:YZRgUY/fsJcO1KOiXGes
Score

10^/10

xorddos botnet downloader persistence upx
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
  botnet downloader xorddos
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Scheduled Task/Job

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

xorddosbotnetdownloaderpersistenceupx

© 2018-2024

Terms | Privacy