General
Target: 6387622dc599a220749b77411a56d13f_JaffaCakes118
Size: 604KB
Sample: 240729-13tshatamq
MD5: 6387622dc599a220749b77411a56d13f
SHA1: 112dd3302d0293399948fdeb8931a6159c62e390
SHA256: 74ea918b27f1952f47ab52e75de09f623e29928301da16ac5c27bd5ef8475520
SHA512: 03b8dd65a0574fda6a3eb7274439ccbea05b7bcf9d4a2ffbe0b46bdf58a13e8b25d784aa6f4338c3366bb207e9e973faf131127ef2ab9ae8f87953b34f27b094
SSDEEP: 12288:IiqKgqkonFOSC3pZWKqAKSj6LJXDv429v6yrDKb4olUuThTcF:S1qPkSCvnvKSj6LJXDr9zDsl/9TE
Behavioral task: behavioral1
Sample: 6387622dc599a220749b77411a56d13f_JaffaCakes118
Resource: ubuntu2204-amd64-20240522.1-en
Malware Config
Extracted: xorddos
103.25.9.245:8008
103.240.141.50:8008
66.102.253.30:8008
ndns.dsaj2a1.org:8008
ndns.dsaj2a.org:8008
ndns.hcxiaoao.com:8008
ndns.dsaj2a.com:8008
crc_polynomial: EDB88320
Targets
Target: 6387622dc599a220749b77411a56d13f_JaffaCakes118
Score: 10/10
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Executes dropped EXE
Unexpected DNS network traffic destination
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder