xorddos | e157d5c74cf949af2105f513b93bc5f1e745c33d2e8e28aca333c52ec4d0ec11

Analysis

max time kernel
150s
max time network
151s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
29-07-2024 03:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118
Size

544KB
MD5

363a1b4bf28ad95db5b209b771b12b47
SHA1

9b0aa7ab01ee2a858f9cf1254cf65f988977fc58
SHA256

e157d5c74cf949af2105f513b93bc5f1e745c33d2e8e28aca333c52ec4d0ec11
SHA512

1249da35dfc455cc6854126d439294f1fdff21fe030bab2089df732e756e19cc42cbec9b42525606bc52fe8d067493626bd179d4dd2b6ab1505d0e2472280269
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrgT6yF8j:FBXmkN/+Fhu/Qo4h9L+zNNgB8

Score

10^/10

xorddos botnet downloader rootkit

Malware Config

Extracted

Family

xorddos

http://aa.hostasa.org/config.rar

cdn.cloud2cdn.com:3308

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 30 IoCs

Processes:

resource	yara_rule
/usr/lib/libudev.so	family_xorddos
/usr/bin/ysqetuovay	family_xorddos
/usr/bin/nhvylykzzf	family_xorddos
/usr/bin/pakekayplu	family_xorddos
/usr/bin/utgjnzvpvx	family_xorddos
/usr/bin/zqcqfrhwjm	family_xorddos
/usr/bin/tammhxxfdz	family_xorddos
/usr/bin/tntzowhpqi	family_xorddos
/usr/bin/lfnfeihmdl	family_xorddos
/usr/bin/bvbzxzplar	family_xorddos
/usr/bin/gvkqaedxqj	family_xorddos
/usr/bin/tfbsacubea	family_xorddos
/usr/bin/kxirxnyqqq	family_xorddos
/usr/bin/vxihqczkng	family_xorddos
/usr/bin/ddkeyvocvz	family_xorddos
/usr/bin/qtsudvsrfe	family_xorddos
/usr/bin/jfakzvlagv	family_xorddos
/usr/bin/ubjtflytac	family_xorddos
/usr/bin/hqugnannfh	family_xorddos
/usr/bin/fbaorlckxr	family_xorddos
/usr/bin/vgqjeexagu	family_xorddos
/usr/bin/wzphqrpdjr	family_xorddos
/usr/bin/mbhezymwxt	family_xorddos
/usr/bin/jnenguadke	family_xorddos
/usr/bin/qndmhjtcuv	family_xorddos
/usr/bin/ocboybchjr	family_xorddos
/usr/bin/slibfrgehw	family_xorddos
/usr/bin/kzggnsucfh	family_xorddos
/usr/bin/wtbyhlwozo	family_xorddos
/usr/bin/eqxvxxqsxp	family_xorddos

Writes memory of remote process 2 IoCs

Processes:

363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118

pid process

2443 363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118
2455

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

Processes:

363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118

pid	process
2443	363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118
2444
2450
2444
2444
2456
2455
2457
2444
2444
2455
2455
2455
2455
2455
2455
2455
2455
2444
2455
2455
2444
2475
2477
2484
2479
2481
2485
2483
2486
2487
2488
2455
2455
2444
2444
2484
2484
2485
2485
2486
2486
2487
2487
2488
2488
2455
2455
2484
2484
2485
2485
2486
2486
2487
2487
2488
2488
2455
2455
2484
2484
2485
2485

/tmp/363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118
/tmp/363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
PID:2443

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/363a1b4bf28ad95db5b209b771b12b47_JaffaCakes118

Filesize
495B

MD5
ffad0bd732627f2ead62a127339bc189

SHA1
58120252916044bec2fa1c32e5fe6dc06ed6d08e

SHA256
0a6314d125a62b70226e8d1a2528c50337d7a8313f22f36a24e7df92961d0abd

SHA512
60b1b6eccb8eb6bbbcd65a4cb05614a87e78dc2b062f056813739e4c55991ee505e16ac3f177632aa4fd9fda96b1e44699a03d5275a699042bd647c13e3dea58

Download Submit
/run/gcc.pid

Filesize
32B

MD5
d79a58ee8ecc1cd82d4947a2d1c24e06

SHA1
bbd46c38accc31d5eb9c225cd0f872ec38020378

SHA256
7fd964cf4d5d95130c94ad87678752a12a7be53f38f706c02462dd70969d4f8e

SHA512
3485e7bec090468b3908ec0cdd35ea9ce6ad37427bf0d8e0b50262c7785098bec42707582a9c997c8db4fa10fb218b27f20961c382d8ee58ce24e11ef32a4128

Download Submit
/usr/bin/bvbzxzplar

Filesize
544KB

MD5
c5340f479c52e48e6fc17e2fd1c6c489

SHA1
5e03e6b3edbd10950a4f6429ea4d30e1c73f59cc

SHA256
2b93003e96cbe62d7cd4a89cb2c76017ae6debc9fabf090a3f16f3b97849a624

SHA512
5803d6336b0b7024028c19df177d2d5266311cd1b7028f392fa8457e8441e44c602c53ef931b058e1fdf88b4b3b7fad546c1e63cf0ac9669193add046f9255c3

Download Submit
/usr/bin/ddkeyvocvz

Filesize
544KB

MD5
5eb452d0113ebb2ea47686b5af2d9ecc

SHA1
c5ca14f2010f46e3d644a67afc7b1db12f2d0d51

SHA256
cc022be9a4095a313e510c500e0a9bcfb45ee4f8c6ccab93d543d8b652b839be

SHA512
5c0ada03fbd5a1b55da438c2730eb9e1b5384c0e0fe5717e06935b76d952ea0adee2014415d1604c0d7e4311a5038e179937f3e088c5ca92b5192f5aea8f385f

Download Submit
/usr/bin/eqxvxxqsxp

Filesize
544KB

MD5
a137b30760d7a0f0d4d1a001e7cf6d1c

SHA1
ae41157ee341a69c019676e1e0c614127a8cebcf

SHA256
677b1756ea47aa75644be7dd79335e707d237a47f38897a24ead677f972a2f54

SHA512
d0dfab3bc772d2ae357b9a6ca776b28330b38bc6c07e0093d60edd8721ea282bb48dba51a29924e7397991115dfc798647d88137578eef0835cb58109d62da07

Download Submit
/usr/bin/fbaorlckxr

Filesize
544KB

MD5
3615d3fbd0b0a3c541a091c68af75b08

SHA1
fc7d9fc66d488a30470659c097982d9833b840c6

SHA256
ffcbebc0ea5212f123659a580e5d6493fa0d9335ab61f3818446b71b7629c70b

SHA512
1582d654749f394e8654269ad1cd1e7ef052beb36d3d374f538b59d4aa96310bfb0fbef3da68f16465e1be0d6d90c2d5445d3cb32380bef87abf6dfcf6bb21e9

Download Submit
/usr/bin/gvkqaedxqj

Filesize
544KB

MD5
e3e34a856fd41bb3668e318e73a76b62

SHA1
8acbe7c81530fcd7c3616b38371de9e6d21d3554

SHA256
58e7d91ef5493f691d8c36f4b5fc541231c01af7af5ce629eed94763cb02c2ad

SHA512
d78bc1f4746dc40ade7177dc469d96e6a482cd865f6f333204d5a853025d74b4e0580e32fd998f8036f018e3f48a6427d08b92a42f9f890c005bcf5b684b3b0d

Download Submit
/usr/bin/hqugnannfh

Filesize
544KB

MD5
cb4953a6afc92aceb64e1ca14b0ae3f3

SHA1
5492747a5fc9f085881c218f9515277c03554460

SHA256
883c55aa88d91cc453332ca5d37c7423a700bd7dfdbc7853a042f3a68a5f797b

SHA512
5f13d1faef1534d7533d5b83bfd9ff75b10a39cc55f410a0d6f307fa2448086cc40b321cc15efd3b88dfbc2f29267ed2902465c48624314638fe25e666956d57

Download Submit
/usr/bin/jfakzvlagv

Filesize
544KB

MD5
4905c0157fa29fdaaf05293bbc1c19b8

SHA1
10c9faa4dec3b8ba88913f6bda8791b6f4f88a90

SHA256
21ec51d6e09add601627a07b36068eb1b9a4ecfd90d4c346eb427512831a73f1

SHA512
60be802b6941e9bf5585dc1e3f02a3a016f1fa540a799a3802e0c830923c9b13143e8a15d7f799a2361b6b5433d7a736da17c4bfe7e62153cb03df50c5717ba3

Download Submit
/usr/bin/jnenguadke

Filesize
544KB

MD5
f646cc26c638204bdbd3987fa05da375

SHA1
906e2104e1706f1facbfb167ae5995e804efdc64

SHA256
24c30a40c5bfa3e96eaaa2ffd6874f7904d5cc303c9a0adf154c1c25b28dcf56

SHA512
afd0618e968b3eb3d0cde9eb4266b785c4ca24d4d95424bf0b09980b9cbb3f0af47cad5f6d17a1aa312fa139b17caa50480e0cafb90d3ebfcbfee22c8e0ee74b

Download Submit
/usr/bin/kxirxnyqqq

Filesize
544KB

MD5
e3d339d51b2aea581d4858030ba61a5d

SHA1
7fa4d24175ab45084c98a6658d96ffc43a91d1a2

SHA256
d0e6b99e59b14366d0c56a0a38f8221e3af6cf85463dce083a3dec43747527ec

SHA512
199b6f8147932bccfea5acc11efa9ce8f2efefd1f022d0607f0d1391ad59dbbc3c55970364341423d727cdc39152aa099b9763d15dd58919ceb9bd2b4cd48f34

Download Submit
/usr/bin/kzggnsucfh

Filesize
544KB

MD5
b1a957178a0b6611da5492fd94153bae

SHA1
5c8f13022e2fecebc3f230fed04845a14ff53771

SHA256
1bfd6ec350f5cc73ec4ea9ba3e5c21de530391139bda69f0682cf6d4e9f92e68

SHA512
82f161bfb53b7e546b596bf7c9f7313c18a0bd236f396ad459d4f9e5d32d7b2d941077561796857732b80af00e4578e814c2d9fb45c3feab3478b7f9dd46969c

Download Submit
/usr/bin/lfnfeihmdl

Filesize
544KB

MD5
729a71fcaaee335e0d3dfa3ffa7104c8

SHA1
f6a38d0e66d6e2f176457ffce497f6598eedec68

SHA256
4a32802a6b928c85e0841ca3dde2189dcd90a268eb0a4fa340ccfca6213c60b8

SHA512
8c72a85c80563f5dc1bf892a70abda7982413e5e0f580a3c9bda9f945a6e0259debc29ccc123c59fba3cd173a6054be0406a03bba03c4c4015164398d4d5762d

Download Submit
/usr/bin/mbhezymwxt

Filesize
544KB

MD5
79c85d6cfe8bf76119c843c3bb0d9617

SHA1
26e697b9f1949c403cd6e422e796a58ebbfbee0f

SHA256
de93ac9533df75c11952a1c73f2cd1bef3b66f28e1d21a2b4f0382d1225fa52d

SHA512
56c8982d7241ca28a8dd54384bebf67fe124d1880a49d783318c03eabe6376a28349819c699904acffbe4c7bf4ee4583a41af2367912cfd261cdd9e41ca1dece

Download Submit
/usr/bin/nhvylykzzf

Filesize
544KB

MD5
9ce36303c29d1e6c828062b59df7f67e

SHA1
5ac17f7db316914935b1bfdb9b7fd9b46f4cb791

SHA256
6a1190d0a442ef521e57ef060d22e6ff03a1bec329eb239ed8ad227c37c593e3

SHA512
9120d95f197c4267e46224fa3630396f60848b968c498d163d9ed35f34e476648eb7f2dfe63b0e42e452acc050da3c42c8c1c84f938be3dcb9b862b30ce63f92

Download Submit
/usr/bin/ocboybchjr

Filesize
544KB

MD5
6ac0d142eb15c583a63293a8a0ea91f7

SHA1
f64dcecdeb16e45388f735d4349c0ddf874fe938

SHA256
ac82dde337015e95861ef9612f0b7dd333eab7ba9ffaf6cb425ec74550cc51ea

SHA512
ee1697f29a0271cb4eeb2191757cf43ed79475f074b425b23b94eda90c324a8f6bf06c935aba6d5fc0c02f7cfcba809622ad010a89d716586a38c9ce26331e37

Download Submit
/usr/bin/pakekayplu

Filesize
544KB

MD5
39c0a6e03fa491641c4163e41e37595e

SHA1
f16a7181fc2181045fe9fc5cccffe7cb125fa546

SHA256
8d72fa79cf8ab4bb75c814dd49a1ca5f5ffe4263fb8a4b4a26c21e6a7d09a0d7

SHA512
4e76701548eef234b63cc5dedcced9157a734f4577fbf518fa46b4a282ba1e14162a8d0c9cd8d8314f875d1ab9b36e292505fed2ee3286ceb670528c778ab156

Download Submit
/usr/bin/qndmhjtcuv

Filesize
544KB

MD5
1ff34deabc08dab846aa1091de237fc8

SHA1
461ff8ea049fa91bc6bb4099e5481902a5d90e0e

SHA256
aea956a51d841493960363fcadaab3444746669640dd992b0631bc6b82c9bf77

SHA512
476a89f83ab880ef980d49f102bb3727e539b280527f03838dec76188ff551fbfe55abf49c531cd206310f4f3e554a707d6662dd1c6050f8322e31fcf60fa88a

Download Submit
/usr/bin/qtsudvsrfe

Filesize
544KB

MD5
5b5ea86afefe69565781ea1be1cf6584

SHA1
9a60f1711224b2278856b981995d9ad1363702f6

SHA256
2373dd2145c1eab95a00fdc948aef259472e0b33869ba973aeeabae56c5f11b2

SHA512
9e6c04cfb791adb9ed393b9ee5343f1467f34e2ea7512b08d2185fdd99737d7eb060300af4f550d097728d5c9745f5eb9c19f6eafe49fcbfacbc0b5aee5c08f4

Download Submit
/usr/bin/slibfrgehw

Filesize
544KB

MD5
7387f8ff695a1d5ea379baf24f3212de

SHA1
49a0676c8fb1470634b6a9d03ebf42cdcfc808d3

SHA256
b12334aa8684c6d4c9c1c8e721521ce5f447b6fd552bb6a92ef477588632b6e3

SHA512
ba21d1c8a182bddef5dd55369c040b51b96b31dd2e843c0ce4e2193f9db582994189bb7713708a0c7e63f6abdaaf39380337da0e88c8bec516fff2e652a217b1

Download Submit
/usr/bin/tammhxxfdz

Filesize
544KB

MD5
7e0f0c0c2212a1c224ba31fa46b3cafe

SHA1
a70486950ebafc9edf4a9d119f978014e4f0a804

SHA256
e2f8aae12d76aab45254f2f6dfa33a5a144169d93b8801e0c35229e26c56e531

SHA512
7e4eb4a41ed8b787a6ffd69def0a5eb4f8bddc5bfcd82c205bad05f4c4a0fcd22d771b632d53abb8a1c74dfe82415ec6b806cc8bd11f7e78b269ccf9212995b6

Download Submit
/usr/bin/tfbsacubea

Filesize
544KB

MD5
78f8a80e6238fa064c67d026598674f9

SHA1
23ee775bb1d52d8726346c0bf7960d9d32c3d381

SHA256
99ad9d88365a1de3eee18810a56708e12ada4a325b574605afde8febdf4cc51e

SHA512
7eefe1ca2d05e6ba1b87d390ffe264765a539c7c2058fd5ff96d6ae88bc81de3589c27c20a8f2e6ff7a8596c47736d6c6cf45f21b7dae1104e093e408bc1e756

Download Submit
/usr/bin/tntzowhpqi

Filesize
544KB

MD5
f80c4ebaac44c42530f762ff5f93e2ef

SHA1
424ddec96304127a9c7fa9228e6ec8e6bc59db89

SHA256
a398facd0b4fded3d340c00188018da28418a0915476d7c1bdbdf886c6e04f57

SHA512
febc8ea67e00be91b465505f1a2d2b6610f4433869a81ddb092d8d921dd8d56736f4b9087457a8c18434d16e68e9a10a7ee8f732fe41356e712f450fba36e0ec

Download Submit
/usr/bin/ubjtflytac

Filesize
544KB

MD5
043b4ea7d7f3ff6f61c8409682d12ce3

SHA1
8b854db07955ba6b57d972453394f0d5bb2980cf

SHA256
39db9f9a0bf36f7f750aff80e8e402e101f2336986b0927c9b141294978cdab4

SHA512
0b726c79a5be351f039ccde11d771d4b408b6dc20a306cc0503ac86f228754de9810bc8f670db9956f6322d8af8fae6a093722c881ac3710275efa71e2625ca8

Download Submit
/usr/bin/utgjnzvpvx

Filesize
544KB

MD5
8d4f85b47a22b50e7de025d920d41a91

SHA1
fbcb732b15ac27883fee88bc5561a7499e408a0e

SHA256
f51b64ef7518d458484ae9dd3101e4eb5442842d698f393956592537b81f9d0c

SHA512
4f87ad8a3a5488e2c04e45b52495bf9df29e1db5bdfcca1a3a394aecdeb108355be284ca683dd48beab6e282b09897a68c9203eb534a326505c47b72d8ed74b4

Download Submit
/usr/bin/vgqjeexagu

Filesize
544KB

MD5
128763b7dd78853f471ee93c1fdc5315

SHA1
04b8842d593c4e05e752327b21199d84f966af4a

SHA256
0159cfb636203cb830c949a7485c71208f6da643dc4af35a13d48694cbdb766e

SHA512
055a44185db8d92f5d5b2433a40c84eb1d80d16c62074d88ad52e4c32eec37346a56d61b5c6a96d905709f8de4afabca5302edcd2a5c60ce741d351f40aab6e2

Download Submit
/usr/bin/vxihqczkng

Filesize
544KB

MD5
ff5db190609eb9dbc306eff920b885fe

SHA1
8a9f9bc5f81843fe9fe3cdf5ef36be68c1a59e13

SHA256
fac590e9495a0df218c341b81ff97628c51108c084e690caf36b9e73d5d58108

SHA512
8868729ed7ad2bec4caae05a3ab806767ec797fcaac919ac335a18d098ad80487c719e6e2d62ea53f517196069d6a9fbb993ea0adebbf985a43207cdd23d78b0

Download Submit
/usr/bin/wtbyhlwozo

Filesize
544KB

MD5
13be51c23f6d56bcbc169c483fc52fa8

SHA1
57c996eb60d8204531873d44dbe36fd05a7f706e

SHA256
6000e60cf0f6996af2e52ee870ce68958a3fd66d81cc93b2c035edc3b3518a41

SHA512
5c3c4149e7ec4a53613d16286afc2cf591576608e1ee39d2a816a8a9e23ae20938b77c85fc22a9bc4342705b204b3a817903800f634484e3ccddf7cbdb5a007f

Download Submit
/usr/bin/wzphqrpdjr

Filesize
544KB

MD5
e40bc830539bfab187a3602d7e2ba988

SHA1
3686df5311f9089dd512105487e51390977ebdaa

SHA256
07f295fe55a8dba0c8ec44321e53b236bc3c1f4d315bc78b403cb49635716f2c

SHA512
1d6016c0eedc9ff493415253ca34a89bfc444c85c100b07cffa0fe34109991219a571a3cb144f9dae6c1f2f705adad1303d49cd33ca54a346c9b8b7f1e8fbd02

Download Submit
/usr/bin/ysqetuovay

Filesize
544KB

MD5
4a348c02be562f7212215abc8eaf8831

SHA1
2095303467e4c734285ee29f997283056bc0688d

SHA256
1214869e59c8d0e512698825ed2f360b312e34ff81dda6c9cc8d176005d88b97

SHA512
30064f8258614ce7cb07a6fb8ec5b8796371f92b07c3aca7a88b163b2166ee1501053c514b06c0dadac881f4d316bea2156669fcf82ee3f4b96675e786b449b3

Download Submit
/usr/bin/zqcqfrhwjm

Filesize
544KB

MD5
3ac8c6950f7f030ff75a596b400614fb

SHA1
4c8adb9602316d92838d2ff9c936e640df791290

SHA256
092d89a1f274b8f62f19ce6737ca58763750ff37a72d51f0277efa3d970f3252

SHA512
9c34dde90522fb4c4de0ba27642a080591c33be537a29eb3109a7ee724a8a03bedbba67053c2d975edece0669d4ae0ddcb4da351fc3908c5ff0148451a3caaf6

Download Submit
/usr/lib/libudev.so

Filesize
544KB

MD5
363a1b4bf28ad95db5b209b771b12b47

SHA1
9b0aa7ab01ee2a858f9cf1254cf65f988977fc58

SHA256
e157d5c74cf949af2105f513b93bc5f1e745c33d2e8e28aca333c52ec4d0ec11

SHA512
1249da35dfc455cc6854126d439294f1fdff21fe030bab2089df732e756e19cc42cbec9b42525606bc52fe8d067493626bd179d4dd2b6ab1505d0e2472280269

Download Submit