General
Target: 65b4eac6cbab5c4b11aa86484decce16_JaffaCakes118
Size: 647KB
Sample: 240729-2xy1psyhpc
MD5: 65b4eac6cbab5c4b11aa86484decce16
SHA1: 847b8daa617e08840ecad2ba519856cc603d8660
SHA256: c7ef93aef90181a38af98fd27cb0a380777593f5c04a575ca81643eaa5897fb0
SHA512: 3b5690ae5af11f069044f2ad6bd3c33fa0e76fc57d1312b95e44cfb62dfd18dd8db0f6557685540e8123652f76591b7019172d2cbf873f57ca9a79048d3d4e6c
SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1TonTp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mT6wvnDWXMN
Behavioral task
behavioral1
Sample: 65b4eac6cbab5c4b11aa86484decce16_JaffaCakes118
Resource: ubuntu2204-amd64-20240729-en
Malware Config
Extracted: xorddos
http://info1.3000uc.com/b/u.php
aaaaaaaaaa.re67das.com:5859
182.18.22.240:8808
sx.gexgz.com:8808
crc_polynomial: EDB88320
Targets
Target: 65b4eac6cbab5c4b11aa86484decce16_JaffaCakes118
Score: 10/10
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- XorDDoS payload
- Deletes itself
- Executes dropped EXE
- Unexpected DNS network traffic destination: network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.