General
- Target: 241b49cc442eea4c58dea85df5af24c3_JaffaCakes118
- Size: 247KB
- Sample: 240728-z14z1sygpg
- MD5: 241b49cc442eea4c58dea85df5af24c3
- SHA1: 778d07c66dccd90cf2115054da15d392f87bfdd3
- SHA256: c6c8b555876203629a58e54c377b6840199ce1323ba3229af376b03d54864fb6
- SHA512: efc3d8d38943dc0dea66cc8627bfe08e5ceee2cf2f99d9ce5f3e952e499d762423ab6b6d7e628707b255e5600d791d5ecd1dbf9862a1229950046c9e67156793
- SSDEEP: 6144:bSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCXq6Q/mqYt:aZRgUY/fsJcO1KOiXaq6Qet
Behavioral task: behavioral1
- Sample: 241b49cc442eea4c58dea85df5af24c3_JaffaCakes118
- Resource: ubuntu2204-amd64-20240729-en

Malware Config
Extracted: xorddos
- crc_polynomial: EDB88320
Targets
- Target: 241b49cc442eea4c58dea85df5af24c3_JaffaCakes118
- Size: 247KB
- MD5: 241b49cc442eea4c58dea85df5af24c3
- SHA1: 778d07c66dccd90cf2115054da15d392f87bfdd3
- SHA256: c6c8b555876203629a58e54c377b6840199ce1323ba3229af376b03d54864fb6
- SHA512: efc3d8d38943dc0dea66cc8627bfe08e5ceee2cf2f99d9ce5f3e952e499d762423ab6b6d7e628707b255e5600d791d5ecd1dbf9862a1229950046c9e67156793
- SSDEEP: 6144:bSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCXq6Q/mqYt:aZRgUY/fsJcO1KOiXaq6Qet

Score: 10/10

Signatures
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- Executes dropped EXE
- Unexpected DNS network traffic destination
  Network traffic to servers other than the configured DNS servers was detected on the DNS port.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Write file to user bin folder