General
-
Target
6395aafd2335a87f431bcf45adebd802_JaffaCakes118
-
Size
611KB
-
Sample
240729-14mqksxfle
-
MD5
6395aafd2335a87f431bcf45adebd802
-
SHA1
b44fb1fbd3a7b206abe19aabb805c40a8850fe38
-
SHA256
90ad1f172af7d0915e548bd84443ab3cc3b3df97b3fbf8c06ecc8b42604fbb5f
-
SHA512
7d6a0b2e2194333d2389eb4ff3dd33368c1cc87d28b436f7e5f9a771c3d86e12aee5613aebbb39f142f26b53c6c20d6b7608e74b9a4b272734a0b3fd424967da
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr6T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN6BVEBl/91h
Behavioral task
behavioral1
Sample
6395aafd2335a87f431bcf45adebd802_JaffaCakes118
Resource
ubuntu2204-amd64-20240611-en
Malware Config
Extracted
xorddos
http://www.s9xk32c.com/config.rar
ww.s9xk32c.com:3307
ww.s9xk32a.com:3307
ww.s9xk32b.com:3307
-
crc_polynomial
EDB88320
Targets
-
-
Target
6395aafd2335a87f431bcf45adebd802_JaffaCakes118
-
Score
10/10
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-