General
-
Target
494d9a5e25b9e1d3eedb7a2341aa49ad_JaffaCakes118
-
Size
544KB
-
Sample
240729-qq36aszgnq
-
MD5
494d9a5e25b9e1d3eedb7a2341aa49ad
-
SHA1
3f1f4ba2434d0ad07838ebc694ad4a4cf8c9641a
-
SHA256
5f0a2b492c8accde73f1e3db51fe398d54e622655d34fd6d49f7a7264179a885
-
SHA512
7b0514d9919a80e3585f2c5695acccd27b1cc9725c5995a7d657a49e6de04d07ca4e920328e7c59ab89f4395ce239881b23803710c87560950b596d00fa65b12
-
SSDEEP
12288:JbinNy0Y1nvEtXBx6DkkJmAGyPexU279WnjVZ6ySWK:1iNy0evmxvkJmApPexUm9cVE
Malware Config
Extracted
xorddos
topbannersun.com:1433
wowapplecar.com:1433
-
crc_polynomial
CDB88320
Targets
-
-
Target
494d9a5e25b9e1d3eedb7a2341aa49ad_JaffaCakes118
-
Size
544KB
-
MD5
494d9a5e25b9e1d3eedb7a2341aa49ad
-
SHA1
3f1f4ba2434d0ad07838ebc694ad4a4cf8c9641a
-
SHA256
5f0a2b492c8accde73f1e3db51fe398d54e622655d34fd6d49f7a7264179a885
-
SHA512
7b0514d9919a80e3585f2c5695acccd27b1cc9725c5995a7d657a49e6de04d07ca4e920328e7c59ab89f4395ce239881b23803710c87560950b596d00fa65b12
-
SSDEEP
12288:JbinNy0Y1nvEtXBx6DkkJmAGyPexU279WnjVZ6ySWK:1iNy0evmxvkJmApPexUm9cVE
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Deletes itself
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-