Analysis

  • max time kernel
    149s
  • max time network
    155s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    29-07-2024 22:11

General

  • Target

    638aca9fff2d46005788673bd1d2fb91_JaffaCakes118

  • Size

    647KB

  • MD5

    638aca9fff2d46005788673bd1d2fb91

  • SHA1

    c6f30789ff4b852efaeba52186126cc97d0a409a

  • SHA256

    b4c493433d7ac154d8ab0676aaf81cbb7f8109e481cd621d87e4dbbd99b53cf0

  • SHA512

    ae6360323a6aaa36e43adfbbd52cdc960438242ae6eb6d5a79ecd8b68458f867b5e98aa84e6f177ec648763137ac0d039e029028617e3918c7c8926f0ad65c4a

  • SSDEEP

    12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Tonjp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mj6wvnDWXMN

Malware Config

Extracted

Family

xorddos

C2

http://info1.3000uc.com/b/u.php

linux.bc5j.com:2897

122.114.191.78:2897

Attributes
  • crc_polynomial

    EDB88320

xor.plain

Signatures

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

  • XorDDoS payload 1 IoCs
  • Writes memory of remote process 2 IoCs
  • Loads a kernel module 64 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Unexpected DNS network traffic destination 20 IoCs

    Traffic on the DNS port to servers other than the configured DNS resolvers was detected.
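The last signature is a simple allow-list comparison: any flow to port 53 whose destination is not one of the resolvers the host is configured with. The block below is an added example of that check, not code from the report or the sandbox; the resolv.conf text and the flow records are constructed sample data using RFC 5737 and RFC 3849 documentation addresses.

```python
"""Added example: flag DNS-port traffic to non-configured resolvers.
Not from the sandbox report; RESOLV_CONF and SAMPLE_FLOWS are constructed."""
from collections import namedtuple
from ipaddress import ip_address

Flow = namedtuple("Flow", "proto src dst dport")


def parse_resolv_conf(*texts: str) -> set:
    """Collect nameserver addresses from one or more resolv.conf-style texts.

    Several texts are accepted because on systemd-resolved hosts (such as the
    ubuntu-24.04 platform in the report) /etc/resolv.conf names only the stub
    127.0.0.53 and the real upstreams live in /run/systemd/resolve/resolv.conf.
    """
    servers = set()
    for text in texts:
        for line in text.splitlines():
            parts = line.split()
            if len(parts) >= 2 and parts[0] == "nameserver":
                try:
                    servers.add(ip_address(parts[1]))
                except ValueError:
                    continue  # malformed entry: skip rather than abort the scan
    return servers


def unexpected_dns(flows, resolvers) -> list:
    """Return flows on port 53 (UDP or TCP) whose destination is not a configured resolver."""
    hits = []
    for f in flows:
        if f.dport != 53:
            continue
        try:
            dst = ip_address(f.dst)
        except ValueError:
            hits.append(f)  # unparsable destination is itself worth a look
            continue
        if dst not in resolvers:
            hits.append(f)
    return hits


# Constructed sample data (documentation address ranges, not the report's observed traffic).
RESOLV_CONF = "nameserver 192.0.2.53\nnameserver 2001:db8::53\nsearch example.test\n"
SAMPLE_FLOWS = [
    Flow("udp", "10.0.0.5", "192.0.2.53", 53),     # configured resolver: fine
    Flow("udp", "10.0.0.5", "2001:db8::53", 53),   # configured IPv6 resolver: fine
    Flow("udp", "10.0.0.5", "198.51.100.7", 53),   # port 53 to an unknown host: flag
    Flow("tcp", "10.0.0.5", "203.0.113.9", 53),    # DNS over TCP to an unknown host: flag
    Flow("tcp", "10.0.0.5", "203.0.113.9", 2897),  # not port 53: out of scope here
]


def demo() -> list:
    return unexpected_dns(SAMPLE_FLOWS, parse_resolv_conf(RESOLV_CONF))


if __name__ == "__main__":
    for f in demo():
        print(f"{f.proto} {f.src} -> {f.dst}:{f.dport}")
```

Port 53 to a non-resolver is a common way for bots to tunnel around egress filtering, so the check deliberately ignores protocol and payload and keys only on destination; pair it with a check on the actual query content if false positives from DoT/DoH fallbacks or captive portals are a problem.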

Processes

  • /tmp/638aca9fff2d46005788673bd1d2fb91_JaffaCakes118
    /tmp/638aca9fff2d46005788673bd1d2fb91_JaffaCakes118
    1⤵
    • Writes memory of remote process
    • Loads a kernel module
    PID:2830

Network

MITRE ATT&CK Matrix


Downloads

  • /etc/cron.hourly/cron.sh

    Filesize

    223B

    MD5

    b791b087b1795e3674a9aa765c76fc04

    SHA1

    b53f478234ae97f3cdbf2e7fe7ec68d687feb7c1

    SHA256

    1c1e9b69cf8021bf7ce1f60dcaa2d31c1e21ed4b6e474f3571da81ffd5a9b69e

    SHA512

    2dcc2e478c51cf8118306fd5c744aad7147e368cbc4329db1cc5fac52088a7f3354079ae2b582b270495789e4fb4591538ec88bb5ea40eec646f360bac33bbb2

  • /run/sftp.pid

    Filesize

    32B

    MD5

    2de8c4bfa522b52600a260ce03393427

    SHA1

    c1ba3552a46f222cdc49f46452d2e1be54877e08

    SHA256

    141278c941abd57ea250632fa787e050de9d3ceeb84adf6fd5a5b426f7fd6b29

    SHA512

    ffdc7046e2b78f2b3cc9dc1a6467ed4e4b0dfe6454fb9490e068b8dbc3da96d9823f77d366be33f31a0ead51d8aca4b7923cd5f9db05af08b3e91868d78f3590

  • /usr/lib/udev/udev

    Filesize

    647KB

    MD5

    638aca9fff2d46005788673bd1d2fb91

    SHA1

    c6f30789ff4b852efaeba52186126cc97d0a409a

    SHA256

    b4c493433d7ac154d8ab0676aaf81cbb7f8109e481cd621d87e4dbbd99b53cf0

    SHA512

    ae6360323a6aaa36e43adfbbd52cdc960438242ae6eb6d5a79ecd8b68458f867b5e98aa84e6f177ec648763137ac0d039e029028617e3918c7c8926f0ad65c4a
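The three entries above are the host artifacts a responder would look for: an hourly cron script, a pid file under /run, and a copy of the sample itself under /usr/lib/udev (its hashes are identical to the submitted file). The block below is an added example, not code from the report, that checks a filesystem root for those paths and compares SHA-256 values against the ones listed above. The demo function builds a temporary tree with constructed contents so the example runs offline; point scan() at "/" on a suspect host or at a mounted image instead.

```python
"""Added example: scan a root directory for the dropped files listed in the report.
The ARTIFACTS hashes are copied from the Downloads section; the demo tree is constructed."""
import hashlib
import tempfile
from pathlib import Path

# Relative path -> SHA-256 from the report's Downloads section.
ARTIFACTS = {
    "etc/cron.hourly/cron.sh": "1c1e9b69cf8021bf7ce1f60dcaa2d31c1e21ed4b6e474f3571da81ffd5a9b69e",
    "run/sftp.pid": "141278c941abd57ea250632fa787e050de9d3ceeb84adf6fd5a5b426f7fd6b29",
    "usr/lib/udev/udev": "b4c493433d7ac154d8ab0676aaf81cbb7f8109e481cd621d87e4dbbd99b53cf0",
}


def sha256_file(path, chunk: int = 1 << 20) -> str:
    """Stream the file so a large binary does not have to fit in memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan(root, artifacts=ARTIFACTS) -> dict:
    """Return {relative path: status} for every artifact.

    'absent'                 nothing at that path (a dangling symlink counts as absent)
    'match'                  file present and SHA-256 equals the report's value
    'present-different-hash' file present but different content; for the cron script
                             and the udev copy this usually means another build of the
                             same family and still warrants inspection
    """
    results = {}
    for rel, expected in artifacts.items():
        p = Path(root) / rel
        if not p.is_file():
            results[rel] = "absent"
        elif sha256_file(p) == expected.lower():
            results[rel] = "match"
        else:
            results[rel] = "present-different-hash"
    return results


def demo() -> dict:
    """Constructed tree: a placeholder cron.sh (wrong hash), a pid file whose expected
    hash we compute ourselves so the 'match' branch is exercised, and no udev copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc" / "cron.hourly").mkdir(parents=True)
        (root / "etc" / "cron.hourly" / "cron.sh").write_bytes(
            b"#!/bin/sh\n# placeholder content, not the dropped script\n"
        )
        (root / "run").mkdir()
        (root / "run" / "sftp.pid").write_bytes(b"1234\n")
        expected = dict(ARTIFACTS)
        expected["run/sftp.pid"] = sha256_file(root / "run" / "sftp.pid")  # demo-only override
        return scan(root, expected)


if __name__ == "__main__":
    for rel, status in demo().items():
        print(f"{status:24s} /{rel}")
```

Run it with the real hashes (the unmodified ARTIFACTS table) on a live host; any status other than absent for these three paths is a finding, since stock Ubuntu ships no file at /usr/lib/udev/udev and no cron.hourly/cron.sh.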