General
-
Target
fb18a78ab398c101ec335992020bdbf6ca35db5d74b6c708d126cf4d4ebf289d.elf
-
Size
549KB
-
Sample
240427-yldzlsff2s
-
MD5
450cea21132fad13be77c7030d2a9e9d
-
SHA1
e0fdfb05fb79f5ba1cafc69b78a50a0eed6eeedb
-
SHA256
fb18a78ab398c101ec335992020bdbf6ca35db5d74b6c708d126cf4d4ebf289d
-
SHA512
6d282ecf3df15592a2e000906e5aca9665421309a35b31d7aed3cedcc0f46b2f7b6db2426afa7a02f49173b59b9be5c6089dbd0f8a4da8e962ca254e00854f49
-
SSDEEP
12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
Behavioral task
behavioral1
Sample
fb18a78ab398c101ec335992020bdbf6ca35db5d74b6c708d126cf4d4ebf289d.elf
Resource
ubuntu2004-amd64-20240418-en
Malware Config
Extracted
xorddos
user.myserv012.com:123
user.search2c.com:123
http://qq.com/lib.asp
-
crc_polynomial
CDB88320
Targets
-
-
Target
fb18a78ab398c101ec335992020bdbf6ca35db5d74b6c708d126cf4d4ebf289d.elf
-
Size
549KB
-
MD5
450cea21132fad13be77c7030d2a9e9d
-
SHA1
e0fdfb05fb79f5ba1cafc69b78a50a0eed6eeedb
-
SHA256
fb18a78ab398c101ec335992020bdbf6ca35db5d74b6c708d126cf4d4ebf289d
-
SHA512
6d282ecf3df15592a2e000906e5aca9665421309a35b31d7aed3cedcc0f46b2f7b6db2426afa7a02f49173b59b9be5c6089dbd0f8a4da8e962ca254e00854f49
-
SSDEEP
12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Deletes itself
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-