General
Target: 1.txt
Size: 535KB
Sample: 240502-aw2awsbf8z
MD5: f075a45d0f9159aca526e13870de7b28
SHA1: 1f74f062b39def7ba488b1e5dfcd56fcb87c5768
SHA256: a544fa8b34122876e3e0140c480c967aad0b26d84823ae6fdd1bc961e47d8b15
SHA512: a8f3035f3b88f3c4250fc869b4890b4a5d3bcf1333c2a13a43c8f2a1775b828173787fc65ff04e48b9984e10f601a30c25a6c32a7114166e0b91ba14f3be3f50
SSDEEP: 12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzD66ySjQn36Eoj:/fUywKQ7Fb1pNL/p5DfjQn36Eu
Behavioral task: behavioral1
Sample: 1.txt
Resource: ubuntu1804-amd64-20240226-en
Malware Config
Extracted
xorddos
https://ww.aass654.com/config.rar
ff.aass654.com:1522
ff.xxcc789.com:1522
ff.vvbb321.com:1522
ff.jjkk567.com:1522
ff.nnmm234.com:1522
crc_polynomial: EDB88320
Targets
Target: 1.txt
Score: 10/10
XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Executes dropped EXE
Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder