General
Target: 0190d66de838c766a844e52c1f4f047a_JaffaCakes118
Size: 611KB
Sample: 240426-yw3eysbb99
MD5: 0190d66de838c766a844e52c1f4f047a
SHA1: 2e7fd825bec6d7fc7ddb9e2b60b3c9678bad6eae
SHA256: 580accbe4ec8e8ec6808c34eda1d6feae17d9940723acd1fe13db75d02e13ae9
SHA512: c26e30f4f10959ecf529631e078651f0b720bd542722aad0e3c4178ae3fbf5ac8d7a6bc453e0a4c3d4b8ef7ebc4267b36a399f1e6b608596c509733c075468de
SSDEEP: 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr3T6yF8EEP4UlUuTh1A7:FBXmkN/+Fhu/Qo4h9L+zNN3BVEBl/91W
Behavioral task: behavioral1
Sample: 0190d66de838c766a844e52c1f4f047a_JaffaCakes118
Resource: ubuntu2004-amd64-20240418-en

Malware Config
Extracted: xorddos
- http://aa.finance1num.org/config.rar
- cdn.netflix2cdn.com:3308
- cdn.finance1num.com:3308
crc_polynomial: EDB88320
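The crc_polynomial value above, 0xEDB88320, is the reflected (bit-reversed) form of the IEEE 802.3 polynomial 0x04C11DB7, i.e. the ordinary CRC-32 used by zlib, gzip and PNG. The following is an added example, not code from the report or from the malware: it builds the CRC-32 table from that polynomial, checks it against the standard test vector and against zlib, and shows how an analyst might test whether a captured message carries such a checksum. The trailer layout in has_valid_trailer (last four bytes, little-endian, covering everything before them) is an illustrative assumption, not a documented XorDDoS message format.

```python
# Added example, not part of the sandbox report: a table-driven CRC-32 built from the
# reflected polynomial 0xEDB88320 that the extracted config reports as crc_polynomial.
# 0xEDB88320 is the bit-reversed form of the IEEE 802.3 polynomial 0x04C11DB7, the
# same CRC-32 used by zlib, gzip and PNG, so zlib.crc32 serves as an independent check.
import zlib

CRC_POLYNOMIAL = 0xEDB88320  # value copied from the report's crc_polynomial field


def reflect32(value: int) -> int:
    """Reverse the bit order of a 32-bit integer (normal <-> reflected polynomial)."""
    out = 0
    for _ in range(32):
        out = (out << 1) | (value & 1)
        value >>= 1
    return out


def make_table(poly: int = CRC_POLYNOMIAL) -> list:
    """256-entry lookup table for an LSB-first (reflected) CRC-32."""
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table


CRC_TABLE = make_table()


def crc32(data: bytes) -> int:
    """Standard CRC-32: init 0xFFFFFFFF, reflected in/out, final XOR 0xFFFFFFFF."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """True when this implementation agrees with zlib's CRC-32 on the same input."""
    return crc32(data) == (zlib.crc32(data) & 0xFFFFFFFF)


def append_trailer(body: bytes) -> bytes:
    """Hypothetical framing: append the CRC-32 of body as a little-endian trailer.
    This layout is an assumption for illustration, not a documented XorDDoS format."""
    return body + crc32(body).to_bytes(4, "little")


def has_valid_trailer(frame: bytes) -> bool:
    """Counterpart of append_trailer: verify the assumed little-endian CRC-32 trailer.
    Adjust the offset/endianness to whatever the captured traffic actually shows."""
    if len(frame) < 4:
        return False
    body, trailer = frame[:-4], frame[-4:]
    return crc32(body) == int.from_bytes(trailer, "little")
```

The standard check value for this CRC is crc32(b"123456789") == 0xCBF43926; if a reimplementation in a config decoder or traffic parser fails that, the polynomial, reflection or init/final XOR has been mis-transcribed.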
Targets
Target: 0190d66de838c766a844e52c1f4f047a_JaffaCakes118
Size: 611KB
MD5: 0190d66de838c766a844e52c1f4f047a
SHA1: 2e7fd825bec6d7fc7ddb9e2b60b3c9678bad6eae
SHA256: 580accbe4ec8e8ec6808c34eda1d6feae17d9940723acd1fe13db75d02e13ae9
SHA512: c26e30f4f10959ecf529631e078651f0b720bd542722aad0e3c4178ae3fbf5ac8d7a6bc453e0a4c3d4b8ef7ebc4267b36a399f1e6b608596c509733c075468de
SSDEEP: 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr3T6yF8EEP4UlUuTh1A7:FBXmkN/+Fhu/Qo4h9L+zNN3BVEBl/91W
Score: 10/10

- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- XorDDoS payload
- Executes dropped EXE
- Reads EFI boot settings
  Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule and is commonly used for malware persistence.
- Writes file to user bin folder
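The extracted config gives the network indicators a responder can actually hunt for: one download URL and two host:port pairs. The following is an added example, not part of the report, that turns those strings into structured indicators and sweeps constructed DNS, connection and HTTP log lines for them, tying a connection to a C2 port back to the name that resolved to that address. The tab-separated log format and the sample lines are constructed for this example; the IP addresses in them are documentation ranges, not addresses observed for this sample.

```python
# Added example, not part of the sandbox report: build structured indicators from the
# extracted XorDDoS config and scan constructed log lines for them.
from urllib.parse import urlparse

# Indicators copied verbatim from the report's Malware Config block.
EXTRACTED_CONFIG = [
    "http://aa.finance1num.org/config.rar",
    "cdn.netflix2cdn.com:3308",
    "cdn.finance1num.com:3308",
]


def parse_config(entries):
    """Split config strings into (hostnames, (host, port) pairs, full URLs)."""
    hosts, c2, urls = set(), set(), set()
    for entry in entries:
        if "://" in entry:
            parsed = urlparse(entry)
            urls.add(entry)
            hosts.add(parsed.hostname)
            if parsed.port is not None:
                c2.add((parsed.hostname, parsed.port))
        else:
            host, _, port = entry.rpartition(":")
            hosts.add(host)
            c2.add((host, int(port)))
    return hosts, c2, urls


# Constructed sample log (assumed tab-separated format; addresses are RFC 5737 ranges).
SAMPLE_LOG = """\
dns\t10.0.0.5\tquery=cdn.netflix2cdn.com\tanswer=203.0.113.10
conn\t10.0.0.5:48211\t->\t203.0.113.10:3308\tproto=tcp
dns\t10.0.0.7\tquery=updates.example.org\tanswer=198.51.100.3
conn\t10.0.0.7:51002\t->\t198.51.100.3:443\tproto=tcp
http\t10.0.0.9\tGET http://aa.finance1num.org/config.rar
"""


def scan(log_text, entries=EXTRACTED_CONFIG):
    """Return (line_no, kind, indicator) for every line matching the config.

    DNS answers for listed hosts are remembered so that a later connection to
    that address on a listed port is reported as C2 traffic rather than as an
    anonymous IP:port, which is what an analyst needs when the IPs change."""
    hosts, c2, urls = parse_config(entries)
    resolved = {}  # answer IP -> queried hostname
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        fields = line.split("\t")
        kind = fields[0]
        if kind == "dns":
            query = fields[2].split("=", 1)[1]
            answer = fields[3].split("=", 1)[1]
            if query in hosts:
                resolved[answer] = query
                hits.append((line_no, "dns", query))
        elif kind == "conn":
            ip, port = fields[3].rsplit(":", 1)
            name = resolved.get(ip)
            if name is not None and (name, int(port)) in c2:
                hits.append((line_no, "c2", f"{name}:{port}"))
        elif kind == "http":
            url = fields[2].split(" ", 1)[1]
            if url in urls:
                hits.append((line_no, "download", url))
    return hits
```

Matching on the resolved name plus port, rather than on the address alone, keeps the rule valid after the operators rotate the A records behind cdn.netflix2cdn.com and cdn.finance1num.com; blocking the hostnames and port 3308 egress at the same time covers the fallback.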