General
-
Target
50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
-
Size
611KB
-
Sample
240517-waeewsba38
-
MD5
50b176dd2a0888bd18ff13bf7484077c
-
SHA1
d1003213ededa07c90bc5d190182465d27bd626b
-
SHA256
2815c35a00c6abadc22aa61b888cb144bc51458d08196794f15d06851d185b1d
-
SHA512
3cbd17bfa60dc8e2459776da1c12eb631f1dfe5a7be42254b4daa47b84760bc34aca326bca79bc44cfa6e43bee61c54df50f2ccf1cec398d05397194209d5b97
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrET6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNEBVEBl/91h
Behavioral task
behavioral1
Sample
50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
Resource
ubuntu1804-amd64-20240508-en
Malware Config
Extracted
xorddos
http://aaa.dsaj2a.org/config.rar
ww.dnstells.com:80
ww.gzcfr5axf6.com:80
ww.gzcfr5axf7.com:80
-
crc_polynomial
EDB88320
Targets
-
-
Target
50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
-
Size
611KB
-
MD5
50b176dd2a0888bd18ff13bf7484077c
-
SHA1
d1003213ededa07c90bc5d190182465d27bd626b
-
SHA256
2815c35a00c6abadc22aa61b888cb144bc51458d08196794f15d06851d185b1d
-
SHA512
3cbd17bfa60dc8e2459776da1c12eb631f1dfe5a7be42254b4daa47b84760bc34aca326bca79bc44cfa6e43bee61c54df50f2ccf1cec398d05397194209d5b97
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrET6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNEBVEBl/91h
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Hijack Execution Flow
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Hijack Execution Flow
1Scheduled Task/Job
1