General
-
Target
e40d4ba6f6aee3acd39faf65f471894a.elf
-
Size
542KB
-
Sample
240329-2yzcvsce22
-
MD5
e40d4ba6f6aee3acd39faf65f471894a
-
SHA1
7de3d9b9905cc4fde29d37ca73e2ffcf7bbb0eab
-
SHA256
0e817a2325c215997de15851152a66924874739eeff5da4b434e5d36c83a76eb
-
SHA512
2479a64b2cdcff25f87725f6541921fbb4590725f2a8ba7b4827a706ac326fb6124b6c10ea2635502a79081aa2d6b2a29ffeaaa269d320e281e26bb68a30a88f
-
SSDEEP
12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXQLLp6yWrk3:VB2WCH/eMU9Uc8gd49N94BJXQLL4ru
Behavioral task
behavioral1
Sample
e40d4ba6f6aee3acd39faf65f471894a.elf
Resource
ubuntu1804-amd64-20240226-en
Malware Config
Extracted
xorddos
http://ww.wowapplecar.com/config.rar
dd.vvbb321.com:1430
dd.jjkk567.com:1430
dd.nnmm234.com:1430
dd.aass654.com:1430
dd.xxcc789.com:1430
-
crc_polynomial
EDB88320
Targets
-
-
Target
e40d4ba6f6aee3acd39faf65f471894a.elf
Score
10/10
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information, which can indicate whether the system is a virtual machine.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-