General

  • Target

    4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118

  • Size

    611KB

  • Sample

    240729-rd3jnswbqd

  • MD5

    4ae0d00d50a95510a4c0f8e5c65ace1e

  • SHA1

    af220a1c460d51af08a6c2ac1125521c4930fcdf

  • SHA256

    c9b7f584ca01e4cb186128cf60ef4cae7929aa13d3f5a883a597743fbde3dfe7

  • SHA512

    14e3c887fa53577fba90be308e82b2c16599e6cb85434e5d5f432fedc2a8b014701878b02bd19da215b5827c66c24758ce9c19c57ba4a482aefe99cec87bb676

  • SSDEEP

    12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrPT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNPBVEBl/91h

Malware Config

Extracted

Family

xorddos

C2

http://www.gzcfr5axf6.com/config.rar

bbb.wordpressau.com:3008

Attributes

  • crc_polynomial

    EDB88320

xor.plain

Targets

    • Target

      4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

MITRE ATT&CK Matrix

Tasks