General

  • Target

    363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118

  • Size

    544KB

  • Sample

    240729-d4dfks1dqp

  • MD5

    363a1b4bf28ad95db5b209b771b12b47

  • SHA1

    9b0aa7ab01ee2a858f9cf1254cf65f988977fc58

  • SHA256

    e157d5c74cf949af2105f513b93bc5f1e745c33d2e8e28aca333c52ec4d0ec11

  • SHA512

    1249da35dfc455cc6854126d439294f1fdff21fe030bab2089df732e756e19cc42cbec9b42525606bc52fe8d067493626bd179d4dd2b6ab1505d0e2472280269

  • SSDEEP

    12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrgT6yF8j:FBXmkN/+Fhu/Qo4h9L+zNNgB8

Malware Config

Extracted

Family

xorddos

C2

http://aa.hostasa.org/config.rar

cdn.cloud2cdn.com:3308

Attributes

  • crc_polynomial

    EDB88320

  • xor.plain

Targets

    • Target

      363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118


    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

MITRE ATT&CK Matrix

Tasks