Extracted

• • Target

    232e172f7a005dd12d4aad55e0c4a331_JaffaCakes118

  • Size

    611KB

  • MD5

    232e172f7a005dd12d4aad55e0c4a331

  • SHA1

    9425435b359cd7ee6138564c687709e9d244f065

  • SHA256

    696bad26159da671a74a879c34188dcae0edcd6726f8314c5bde240765235dd8

  • SHA512

    f42110ba007957a6256c9a74e0d6e57dd8a3918823a803dbac583155438a60072c54f79ad052ff24da27ff649c04ead6e9962c32710bcf8eb072e8e0050c769f

  • SSDEEP

    12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr6T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN6BVEBl/91h

  Score

  10^/10

  xorddosbotnetdownloaderinfostealerpersistence

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos

  • XorDDoS payload

  • Executes dropped EXE

  • Reads EFI boot settings

    Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

    infostealer

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence

  • Write file to user bin folder

  behavioral1