General

  • Target

    39ffc090c3be8b2e3835c5c887d05573_JaffaCakes118

  • Size

    538KB

  • Sample

    240729-ggkg6awbjk

  • MD5

    39ffc090c3be8b2e3835c5c887d05573

  • SHA1

    70f4f7f0a05b934fe7bd709ab6341d1d7c133105

  • SHA256

    02663b6c8c7738fdc443491983ea3f5d7e7ea91a784a9cb006b0b4ded0a737f4

  • SHA512

    a14cebafb26bb11c242974142bfbcf7bd8308c0ded4dd95e525f8390ab47561a7452b6b1351553eae87c37c630d958ef28321dba7d060eb9ae96bca8cc222f95

  • SSDEEP

    12288:fB+OFJ52snwnBrHnL0iTwseG3vtxaYEM/tiL6yXZ:JzL5ZyrIiTNeG3vtxaYEwiL

Malware Config

Extracted

Family

xorddos

C2

topbannersun.com:5212

wowapplecar.com:5212

Attributes

  • crc_polynomial

    CDB88320

  • xor.plain

Targets

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Deletes itself

    • Executes dropped EXE

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

MITRE ATT&CK Enterprise v15

Tasks