xorddos | 2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9

Analysis

max time kernel
148s
max time network
148s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
29-07-2024 02:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3291432c0084225333ee57320404e655_JaffaCakes118
Size

611KB
MD5

3291432c0084225333ee57320404e655
SHA1

96a637393566a51222a87f3588b01e021faac651
SHA256

2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9
SHA512

d86e86246063a6bb4d7c09d5c4e52af5904458b489b7dc21b0c795b32981482545c4a7f757892a2a2fec7af092986480642e8990e74f12ec6e26a17e328535cb
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr/T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN/BVEBl/91h

Score

10^/10

xorddos botnet downloader rootkit

Malware Config

Extracted

Family

xorddos

http://aaa.dsaj2a.org/config.rar

ww.dnstells.com:443

ww.gzcfr5axf6.com:443

ww.gzcfr5axf7.com:443

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 30 IoCs

resource	yara_rule
behavioral1/files/fstream-4.dat	family_xorddos
behavioral1/files/fstream-5.dat	family_xorddos
behavioral1/files/fstream-6.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos
behavioral1/files/fstream-22.dat	family_xorddos
behavioral1/files/fstream-23.dat	family_xorddos
behavioral1/files/fstream-24.dat	family_xorddos
behavioral1/files/fstream-25.dat	family_xorddos
behavioral1/files/fstream-26.dat	family_xorddos
behavioral1/files/fstream-27.dat	family_xorddos
behavioral1/files/fstream-28.dat	family_xorddos
behavioral1/files/fstream-29.dat	family_xorddos
behavioral1/files/fstream-30.dat	family_xorddos
behavioral1/files/fstream-31.dat	family_xorddos
behavioral1/files/fstream-32.dat	family_xorddos
behavioral1/files/fstream-33.dat	family_xorddos

Writes memory of remote process 2 IoCs

pid	Process
2432	3291432c0084225333ee57320404e655_JaffaCakes118
2445	Process not Found

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2432	3291432c0084225333ee57320404e655_JaffaCakes118
2433	Process not Found
2439	Process not Found
2433	Process not Found
2433	Process not Found
2446	Process not Found
2445	Process not Found
2433	Process not Found
2433	Process not Found
2445	Process not Found
2445	Process not Found
2446	Process not Found
2445	Process not Found
2445	Process not Found
2446	Process not Found
2445	Process not Found
2445	Process not Found
2445	Process not Found
2445	Process not Found
2433	Process not Found
2445	Process not Found
2445	Process not Found
2433	Process not Found
2466	Process not Found
2468	Process not Found
2470	Process not Found
2475	Process not Found
2472	Process not Found
2476	Process not Found
2477	Process not Found
2474	Process not Found
2478	Process not Found
2479	Process not Found
2447	Process not Found
2445	Process not Found
2433	Process not Found
2433	Process not Found
2475	Process not Found
2475	Process not Found
2476	Process not Found
2476	Process not Found
2477	Process not Found
2477	Process not Found
2478	Process not Found
2478	Process not Found
2479	Process not Found
2479	Process not Found
2445	Process not Found
2475	Process not Found
2475	Process not Found
2476	Process not Found
2476	Process not Found
2477	Process not Found
2477	Process not Found
2478	Process not Found
2478	Process not Found
2479	Process not Found
2479	Process not Found
2445	Process not Found
2445	Process not Found
2475	Process not Found
2475	Process not Found
2476	Process not Found
2476	Process not Found

/tmp/3291432c0084225333ee57320404e655_JaffaCakes118
/tmp/3291432c0084225333ee57320404e655_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
PID:2432

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/3291432c0084225333ee57320404e655_JaffaCakes118

Filesize
495B

MD5
828d6e15930d88aa1c02b7bb80d03957

SHA1
2028c1530e5768d0f949cf4fdb7fda8b5438eb53

SHA256
4c6aa088b272d2ac9b800e71bc4e4396397e21cba9f307325f247c4b2eb7bc23

SHA512
ba90bee10947b10e4e5cba956b0e2cd80dfd8e0b1cb21ed26ddf242b818a5af09bb7a7d610fd486d3520e0efc87bebf711e52170ba635ea7b6b6cc2718047847

Download Submit
/run/gcc.pid

Filesize
32B

MD5
fd7c33631a7c981dfb3679ae0990506e

SHA1
28a95c8ef428aa3e5c5e697fa8276607682c247b

SHA256
7d1d030a147792320571ccf38c7fd50e4135d5943c73ee0298a239946da761cd

SHA512
36d92d585fa60f708c737175308ac6485177af10e46931787692725380542766752f4493fa893893237c65a8f2a121c360ac9de6459f761132883b423c96136a

Download Submit
/usr/bin/acvmurbemo

Filesize
611KB

MD5
86a1f0fe151b72c15bd4afc2225096af

SHA1
d35cbed9a3d8b70168c6d882f6edaa0ef5842121

SHA256
09f477741ae0cc06f10a14564cd2c6d2961feea0a4e632ea0a4eeb74f4887abd

SHA512
d26c0a1a0d1dfe2ad8e687b49f849fcfcc58b800de70c354abd5404e7bd51a02b1357e68deb453bda2183689038fc4d2b4fd8dbb2208dd74eb5c1b9acfdedd43

Download Submit
/usr/bin/aioxgmlhda

Filesize
611KB

MD5
997e5087d8382b5bff53deeaa80fbf52

SHA1
362a2b79b338d80ed881ec33bd0cdb23163b5dda

SHA256
dbac47ddd85d54b0f2cdc1deb52c0840d20f9af612e2a1261254ed6e7d6f7396

SHA512
f6d8a776a5c60b7f08c31ceeac905ffc13bbe2ccf0c1f2bad90e39d078e4dc40683595fc539f5a4966484569cf235cf4c14d405aeedc92671e84f7dd0d3994e9

Download Submit
/usr/bin/aocradjzxc

Filesize
611KB

MD5
652b766b252f494a7358b6bf9be7bc60

SHA1
dd34aa3fbd83e9db890032972db2bbfa966bbcdb

SHA256
8d57014df631f4cee718079fb7a3cdf834033a65ccc06f62c9f81770715d0f00

SHA512
8c4a0d82e839aad2a65d3888de1fb5c13208d79cca8fceaddbc66d143e8d99a8c2a4763ae9f10a25a8720aa17d7973205c9de3ff7a69301ec14524731e29adfb

Download Submit
/usr/bin/bjmrryumbn

Filesize
611KB

MD5
97425ce4c5883d1d29bf1e0d52b645f5

SHA1
8e640fbac57781533b14668c668ef5623e0ad3f4

SHA256
f1c823a10539b317ddb18335ec05d047368bc9486ac0f417d715293b534af63a

SHA512
8111e896bc8c8ea00d273cd8ef9e4df593d51a5138bfddc7a97789b0417bb908c2fc9aa5b717e05af8b14f33b899d8e87e3f156219815f84f6eef19f6e0e3628

Download Submit
/usr/bin/ckephnnxop

Filesize
611KB

MD5
b9081c6706a39e20e565893c158da289

SHA1
c6c513f6ad73fdd274197a23805a314310eab554

SHA256
b06c2e0d8250c480cc042ad1908539177cdb33424ac5f0085b97f0e8533cb88c

SHA512
5f96d5f587081db2207ba8c6ceb1cdfd718e64aed4295a8f06f75ad67c4b690677d42b9a295cd8e2d32279ac7cad7d188e263c4beb7f5168448461330c735c1a

Download Submit
/usr/bin/dqoearipxt

Filesize
611KB

MD5
d66a289f5586b78c70ea172dc728f770

SHA1
13c1ef31db61f595a7e41df6bdab32c63dac327e

SHA256
f45a9524c0ed347a7cebf49b9e8165d7f7313be75326a3f5b2ee364b775de276

SHA512
6ae9b4d9b503b11d59d061a7336415f8fbfc32683de17f1b099ac832cbeaf9989a3e95eef838859500ed00db59baa457184f3c595887aef33d8350876365e820

Download Submit
/usr/bin/duaoekgcna

Filesize
611KB

MD5
813fb54aea34958f37773f9ad2922b7a

SHA1
df44878dd12290376b35d612436aae0e1c82c02c

SHA256
7f9806e26c3d476ae2171a958337731b9787f22438b01b6c85d46648e5918e62

SHA512
5f9f82d3147c4da0a0592ce68b96c128d81039f20c100d91f4c568741be860d273577c435cbe960bb4157b1764fbf4eb19ffb56020e97ee99b3b0d3afde56514

Download Submit
/usr/bin/ekyissmbnp

Filesize
611KB

MD5
4cd7b10a1627160d010322ffc829d9d5

SHA1
89868b5b0f38979fcaf15d34f6c60645fc54260f

SHA256
93df8e4c355e5027950e30a0d8fb8afd7c6c09e1e0d20da0b7cf416e73911a11

SHA512
c50d2794cb97adbd4829de7144a4a147079f34ed61fe2b4086fdfe80777d3076e99b788be6c36e387c98abefd8de5000e4758ea16cda6f5b771262bc16aee4f8

Download Submit
/usr/bin/entvfextsv

Filesize
611KB

MD5
22fcff38962602a12e1af9ea38af5502

SHA1
f42987a3f30a13069c5fc81fa8245e4366c1213f

SHA256
1efec720a8f49ffb8ef1077765eddb7b93fec5049e1c42c4e8db93ffa7362223

SHA512
eafa5786829080549975aee642518cd0eafac1a7b6d8649f624c28a621fa06a84b8d0181a3e98a21c9c59525dd58d2362b19cad5ac4f134b7a75e818a9222ba7

Download Submit
/usr/bin/exblzrotun

Filesize
611KB

MD5
17c468e0b94987a897105a17ea217fa2

SHA1
7b91d8607bf304779a0e50ba5e4279642ddc49ed

SHA256
37cc1901220c5865b1a0ff0e05517a4888f17f76a68a0f0e32c0f4cbffacfc30

SHA512
195f9cf5a98ac87c671eb9e50df5bfe7ffa63593923ea55f4581d84ea6d073b19f4093c98e760467131f55ffbc3af2bd0b9ab553bc9b4fdc9671aad5aa916217

Download Submit
/usr/bin/fefkabumlv

Filesize
611KB

MD5
529b3c1b39d9e0356a31c89656e5ca70

SHA1
629f1f57e4eec62449b9d74ba92ed33d1edc1a80

SHA256
2c55569b789ad281a674049bc735f10d724c849aa6ae40cad2be00c6a93d7466

SHA512
85d4904126929c4e34c13fec3f4f2a8fa0f13cbe55bf8d7fd673e465c8121b29d36b7fb1bcf06d5b94ca3dad9b50224dab97937ffe6362ee0fdec92094478378

Download Submit
/usr/bin/flueaynxhc

Filesize
611KB

MD5
b019086a23bcdf6158995993fe5e04f0

SHA1
e41673867c771766d1ec154ce6224d0917f8b3dd

SHA256
cba5e0af0f09af86ba63e4311a28106e0883fca81e635e311927fefd9c1cb064

SHA512
044c7fb8e0c6dcc7108df9b90a68f7409eb82218155b9d80b6a1f4e57dcd1fd1f253f21a4306e2bdda201a556f83322a2c5bc4748c4c4896701f698a17889e13

Download Submit
/usr/bin/hflekmcfnp

Filesize
611KB

MD5
83e202b8c3946aa9e6e01d44cb0162cb

SHA1
5f4e15c7f3bfb76d23994771dd97ccfb3c4d9f2d

SHA256
0339d61ca7e891fc18fa11dca73c83622711dea2da1b377b1627630bd66dc328

SHA512
5c85cada50c6cf522a2b1ead3f606db7103bfe585d0ec29b87474d646c74480b3ca71eded2000e8300aa449d02f79803b5727a708db73b340e75a45375e90869

Download Submit
/usr/bin/jhqukelxuf

Filesize
611KB

MD5
3cbd1a53f3733e7be83ac960c0327002

SHA1
93eba86df82566e600cad5962d81eef185a6f6a7

SHA256
c060e0f6d8dcf3e6fe2ac9e8832f0936c9c44a26eda7d6d1505dc5ef342dd556

SHA512
950eb6c05f490f19c24a2b70ee6dc9e8d73455f9e4c5e3eea338c877d1699569a7178c5db286e41ddd3e95c59a1103f6468caf6e0aa4207ee0a6c14d9c9f6ae2

Download Submit
/usr/bin/jysgxcwsxp

Filesize
611KB

MD5
52afe16163e211ceb2ba5c65b2b4693b

SHA1
af5e9ccbeaaf60aa1fce80fe9fa36f6907db6652

SHA256
465dec5753efc113b94e3202165d22dbb499b847df0a935eca9b319376074818

SHA512
cb14564313ecb5e64d0b2be79c973579fcf0f04307dcbe4edbd51d044b62fec2d08339744457e3cfd11b8df4b669b88a938a22d6063085e3af21af6812c205ed

Download Submit
/usr/bin/kmecybqkim

Filesize
611KB

MD5
9a86d0bf8f5b2c8cf5e3b816ac5b82f9

SHA1
362c1cc43e7559430251676fb2217620caf4f506

SHA256
de985957357fc0b039e166b5d44e56a226d2011177c022396255597fabf44253

SHA512
dacd35f5ff294c3184c68366e3a6efbe2e70d2368e8070f76c5adb32d3452d87edaeabe07338dbec1bea8e16805ff666b3b166da2497613a460af0091f260775

Download Submit
/usr/bin/kqxosekrtc

Filesize
611KB

MD5
260ff3e553e415f1405da5a3d851b7d0

SHA1
ca0865b303b26415d0f8dc50c4bbb804405e5c84

SHA256
8e9c0c844c1693ac99693962a90b435ce7df14ff39fc4c3af41139b2112d236d

SHA512
1498d1cceb3e3bb707eae1be453d9ccf740503c4c28e8ed9801dc5a28ca985bc52718708d079ac6da0fbf7381b5bac04ca3ebe4631bee7d90d72728e1242ca3f

Download Submit
/usr/bin/kvuxeglvwd

Filesize
611KB

MD5
a9e24d6968a2a27dbcce6cf36cb3283d

SHA1
49d77de29eb41b0cd8cac34507f670837d740ed3

SHA256
fbce246ca128aced4d5e3dc65b49c18a80aa83f013258d296b28705454cc6939

SHA512
084dcb7487b4fa3e4cff373e6ca454716b140898126ac854d030dc2f182ce40612ccb6e0148b3376bdfb9e0d1f5a9989fdc3ab97475349308f6c135ad2e37581

Download Submit
/usr/bin/lpbmtxplit

Filesize
611KB

MD5
545723a0990166030ebf0e2e01623096

SHA1
7e747784c3378b7101d87ff3f476173216e30ecf

SHA256
a613b0fca6ba134785e95a01705ae3aee8177f9c7acfee0b6a5231e227ba0824

SHA512
a853d99ac0e5ca0ba1e2d612d36057e8539f5cf5c386d70cc29e1ed2f38f45b93690073e29364d0a0fc5b7f73acccf4b775354f8cc1697aa509905109227e9c5

Download Submit
/usr/bin/mqkilmarcu

Filesize
611KB

MD5
fa0d95ea66a55689ffefc564733349cc

SHA1
71457716da41c3bf982ed49b7641497c4c5aaded

SHA256
afcd48864e7ead3e473711fd728ddbbf6b358bb92842209ae710b8a8930e1dd3

SHA512
55f8e13967b5ee614b580748d52d6ad43b48190bad008ed7d78022d99e4559f1bbe0d8b09ebbeb526bbc2e3563b4d9943f78f27cef0f8658a6e7afb18450b106

Download Submit
/usr/bin/oehqeolyug

Filesize
611KB

MD5
88dc473879e494748d5ee66ea6d5b8a6

SHA1
af3d2a3b6691e1b001412997fd0a022ed373f679

SHA256
4b3f6e726a5d9213cf033fbac14421a7e2041d082976c96e3ced87114dcaa579

SHA512
0a0afdb69cb0e92c24082e07ecda78628ab7b73d6df70d417d835030e0c30b65570cdaee3bd1c22fb9b469a754cd7f487bf0a1832f9f5405c6e465bbcb78fda8

Download Submit
/usr/bin/pcokfrutdo

Filesize
611KB

MD5
b3448d0dd8c447d121f9130c29e139b4

SHA1
b18bf4cb30bf13ffb84be930c1295863dbb4feef

SHA256
0f8de5bbef1efc2b978059142ca79c0ce77f05ea562d812e8de8ab96ba4a7f2e

SHA512
38684a5f04a11f2897a0a99b2276bb37a172cda4ec0a97e781f0c6c63525950e41f358ca3b47b038e00dc0c85a03c25b5f824372cdb36a0d32fb911ba7a72889

Download Submit
/usr/bin/pnshwseouk

Filesize
611KB

MD5
d59d88db3f7d0dedd0b77dff53a23173

SHA1
14a8bcbb092752f9cb246c95ca915f59f0027220

SHA256
0d6b48fbece32c75c349515dd075faeb34301f6fe447b0bba639663f76ee139f

SHA512
71174ebf771a30f04f550567c76287ed50ba9ae15301cc7fad532fe2f6593038bf498b478e5c675c0cc3616b9d35cb9c2e2c51e139bdc2e8c1d0318ba3dd7c57

Download Submit
/usr/bin/rvrhtxlgfv

Filesize
611KB

MD5
d83a5d06580a24d4dbd604c2d4168370

SHA1
d8f90a9c2a049a96df9af0204597908ff41e18ff

SHA256
e0b04370c890a09db867881fc4a7258386a5a386406e092c685eec5014661713

SHA512
72691b8ea42ffcb389c9299c3b4301a6da2aefcacc5674fc991d85c10fb6a3c7a7aab4d45057cc9776ebdd58ad14cfea210f60911653a6b5d2158d291b3fbfc0

Download Submit
/usr/bin/uxrzrnsjgh

Filesize
611KB

MD5
49241f981e95909e8a89a058f8aa5b74

SHA1
346a52199885badbb62cc0a41857e6a8bb589067

SHA256
44767eaaa424df015fc1087b687ba17a65e12bb3434bbbcc3b90433d29da42d2

SHA512
e74cf637c2e2fa044575617134faebca64d72bc200a6aacb4c209a444794c1a4a3772093787c45e088d97083aff3c25710310af7b558029236aa02ab9fc5a01a

Download Submit
/usr/bin/voaxymefmm

Filesize
611KB

MD5
665152a4ef3acc275860a1e060353843

SHA1
18793cf704aa16532be269eae1d7e9e80809c78a

SHA256
c467f0751b0e21badd0cbb1ce04001d8651bc1af5a7deeaebcbc6fd78e830d0e

SHA512
6f6a63a7d868d2fc8ccd0eade7b9b8a7d7734a29dddc83acb99193413996a5ade0a251bce7eea65dc29959fc080f93cb9df3075df8d99d91bd99240612ae1620

Download Submit
/usr/bin/wjhqdadtfu

Filesize
611KB

MD5
220ee198f3240ab6ad983fae519d5468

SHA1
af16b8740dc2a81cfda50029fc452b63bcaae47f

SHA256
b3bd669e69120c0a368eb44dc308581f1ab8b1e9d0a62601363db556dd3986ed

SHA512
8cd529d7f5f52a66afbfc019476e3b1517ccaaaec77d5de6dd93625e088dc92139a00f0b6b3242a398ad957fa40c422d3e9f7934496f580b4bc80c2810572f6a

Download Submit
/usr/bin/zuxnjqbcnc

Filesize
611KB

MD5
ca52927452cd1161cf4adb5456e30541

SHA1
3ba9fa62fabe2b8a4a5b8d4859dd696cc8fc70db

SHA256
3397196b5c067dd9bf13bf0c432583985b8e54ca43b83f676efa2f0583d23034

SHA512
ca1eedc1f49a0c34a71f24d9f2efde6a157f5accb3e2ef1bda835bfd939271d532a4940f41c80ada9ca414693128a0a8a0017cdd6c64d6b0a824adabaeb24ec7

Download Submit
/usr/bin/zxhfsaopow

Filesize
611KB

MD5
61af4bcaaf416a79cd2a649046f114a2

SHA1
f5b760b0d07aa377b8b8c827033dfdff7882f4c7

SHA256
7a8cf5085a56a23052c9ce0894c73d69cd5b8b7acd7bf64883beabf9cb7a4954

SHA512
69f5e30f8380b3455d5f893423924f028bc62a396d13e109f405a0c285829baefe3aff7de1c9188e6d97cfa40425ca4317f8e22b5dce7ed9e548448defe946ab

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
3291432c0084225333ee57320404e655

SHA1
96a637393566a51222a87f3588b01e021faac651

SHA256
2409fb21fe377f7e12dda392f26d7c93b7715239169d362dd907fe499ab38ee9

SHA512
d86e86246063a6bb4d7c09d5c4e52af5904458b489b7dc21b0c795b32981482545c4a7f757892a2a2fec7af092986480642e8990e74f12ec6e26a17e328535cb

Download Submit