General
- Target: 1fb5ff29548ab80e5cf4d13ffb00d6e1_JaffaCakes118
- Size: 647KB
- Sample: 240728-yb29fsvbrg
- MD5: 1fb5ff29548ab80e5cf4d13ffb00d6e1
- SHA1: 604c6c0978190a47b823a1ac54ba7b767a8cd493
- SHA256: 990de811f20eb0119c7d55c50f378d02062a51019079f9b013095fb860a9d9e7
- SHA512: dcb5452af5dac07351cf704c8700a57ad1b1dcc8d6bb46d4253f3609fba9bd2267d3ed6f8a1f736176c826fd7c01b909e06b4addd6efde328d7c91270363f7a1
- SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Ton7p6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1m76wvnDWXMN
Behavioral task
- behavioral1
- Sample: 1fb5ff29548ab80e5cf4d13ffb00d6e1_JaffaCakes118
- Resource: ubuntu2204-amd64-20240729-en
Malware Config
- Extracted family: xorddos
- C2: http://info1.3000uc.com/b/u.php
- C2: linux.jum2.com:2897
- C2: quanqiuzhuanshu.top:2897
- crc_polynomial: EDB88320
Targets
- Target: 1fb5ff29548ab80e5cf4d13ffb00d6e1_JaffaCakes118 (size and hashes as listed under General)
- Score: 10/10
Signatures
- XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- XorDDoS payload
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.