General
-
Target
00af3dac671ad8ce760784250dff7e60_JaffaCakes118
-
Size
247KB
-
Sample
240328-jjze7sdc83
-
MD5
00af3dac671ad8ce760784250dff7e60
-
SHA1
1eba57c53d32be6ae97c36197e6263d57892025a
-
SHA256
ec92214bce49930f5ea76548f8d1589d4c29bbd8848503215c48ad51d84e4f07
-
SHA512
61a4f369fee81e514a283807d48e7dfd97cc3f0221c1e3410f70fb425106b7fa2b9cd65f4c087c7d71d03cf9970bbf17fe72f6f55aec078886b937c53ab18ddf
-
SSDEEP
6144:nSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCPhhhR//mqYY:mZRgUY/fsJcO1KOiXOhhhBeY
Behavioral task
behavioral1
Sample
00af3dac671ad8ce760784250dff7e60_JaffaCakes118
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Extracted
xorddos
-
crc_polynomial
EDB88320
Targets
-
-
Target
00af3dac671ad8ce760784250dff7e60_JaffaCakes118
-
Score
10/10
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
-
Checks CPU configuration
Checks CPU information, which indicates whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Writes file to user bin folder
-