General
Target: 3765193e92c10eab1dc09a2c89857734_JaffaCakes118
Size: 610KB
Sample: 240729-elercssdpj
MD5: 3765193e92c10eab1dc09a2c89857734
SHA1: 6bb8b7eb78646a88a0bf1a9067ea4998fff4de06
SHA256: c3ca04f3ea1f643ec2e04117efbcba263646307732b3ea1a27fa0cdb038651ac
SHA512: 01f7ad629ef40fd55f47d25ecc969c42297583668967c21a10512cfccfb5e07402a61d56716954ecf8c29e49eb44e7aa69293f0ca5a72b55d87c5dbe39d7141c
SSDEEP: 12288:WBmHsnhar0nJ7FGY5HRYxC1mqiL40qFCWU7k/gU6yZNnXgW4UlUuTh1AG:WBmHgaUVFGAR11mTL40q/qGpXgUl/91h
Behavioral task
behavioral1
Sample: 3765193e92c10eab1dc09a2c89857734_JaffaCakes118
Resource: ubuntu2004-amd64-20240729-en
Malware Config
Extracted
Family: xorddos
C2 / download URLs:
http://www1.gggatat456.com/dd.rar
ppp.gggatat456.com:1523
ppp.xxxatat456.com:1523
crc_polynomial: EDB88320
Targets
Target: 3765193e92c10eab1dc09a2c89857734_JaffaCakes118 (610KB; MD5, SHA1, SHA256, SHA512 and SSDEEP identical to the General section above)
Signatures
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Executes dropped EXE
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.
Creates/modifies Cron job
Cron allows running tasks on a schedule and is commonly used for malware persistence.
Write file to user bin folder