xorddos | c9b7f584ca01e4cb186128cf60ef4cae7929aa13d3f5a883a597743fbde3dfe7

Analysis

max time kernel
149s
max time network
148s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
29-07-2024 14:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118
Size

611KB
MD5

4ae0d00d50a95510a4c0f8e5c65ace1e
SHA1

af220a1c460d51af08a6c2ac1125521c4930fcdf
SHA256

c9b7f584ca01e4cb186128cf60ef4cae7929aa13d3f5a883a597743fbde3dfe7
SHA512

14e3c887fa53577fba90be308e82b2c16599e6cb85434e5d5f432fedc2a8b014701878b02bd19da215b5827c66c24758ce9c19c57ba4a482aefe99cec87bb676
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrPT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNPBVEBl/91h

Score

10^/10

xorddos botnet downloader rootkit

Malware Config

Extracted

Family

xorddos

http://www.gzcfr5axf6.com/config.rar

bbb.wordpressau.com:3008

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 30 IoCs

resource	yara_rule
behavioral1/files/fstream-4.dat	family_xorddos
behavioral1/files/fstream-5.dat	family_xorddos
behavioral1/files/fstream-6.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos
behavioral1/files/fstream-22.dat	family_xorddos
behavioral1/files/fstream-23.dat	family_xorddos
behavioral1/files/fstream-24.dat	family_xorddos
behavioral1/files/fstream-25.dat	family_xorddos
behavioral1/files/fstream-26.dat	family_xorddos
behavioral1/files/fstream-27.dat	family_xorddos
behavioral1/files/fstream-28.dat	family_xorddos
behavioral1/files/fstream-29.dat	family_xorddos
behavioral1/files/fstream-30.dat	family_xorddos
behavioral1/files/fstream-31.dat	family_xorddos
behavioral1/files/fstream-32.dat	family_xorddos
behavioral1/files/fstream-33.dat	family_xorddos

Writes memory of remote process 2 IoCs

pid	Process
2426	4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118
2438	Process not Found

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2426	4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118
2427	Process not Found
2433	Process not Found
2427	Process not Found
2427	Process not Found
2439	Process not Found
2438	Process not Found
2427	Process not Found
2427	Process not Found
2438	Process not Found
2438	Process not Found
2438	Process not Found
2438	Process not Found
2438	Process not Found
2438	Process not Found
2438	Process not Found
2438	Process not Found
2427	Process not Found
2438	Process not Found
2438	Process not Found
2427	Process not Found
2459	Process not Found
2461	Process not Found
2463	Process not Found
2468	Process not Found
2469	Process not Found
2465	Process not Found
2467	Process not Found
2470	Process not Found
2471	Process not Found
2472	Process not Found
2440	Process not Found
2438	Process not Found
2427	Process not Found
2427	Process not Found
2468	Process not Found
2468	Process not Found
2469	Process not Found
2469	Process not Found
2470	Process not Found
2470	Process not Found
2471	Process not Found
2471	Process not Found
2472	Process not Found
2472	Process not Found
2438	Process not Found
2468	Process not Found
2468	Process not Found
2469	Process not Found
2469	Process not Found
2470	Process not Found
2470	Process not Found
2471	Process not Found
2471	Process not Found
2472	Process not Found
2472	Process not Found
2438	Process not Found
2438	Process not Found
2468	Process not Found
2468	Process not Found
2469	Process not Found
2469	Process not Found
2470	Process not Found
2470	Process not Found

/tmp/4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118
/tmp/4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
PID:2426

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/4ae0d00d50a95510a4c0f8e5c65ace1e_JaffaCakes118

Filesize
495B

MD5
8603805069de47099b15e8884a5f06a8

SHA1
3fb2edbe2e552aaa4f7b24a80978f3ebda7a952d

SHA256
55bbb05bc00168768113002fe40ae67557842567da3b245311ca5ea1454c349d

SHA512
57b0d7c01c0eb850a06c03b3e6b8e5ca24f7d959914ac2c55f0e80114eb3b3903df26bf4c23681063bb205e4b3b5009954a0fb17e4ee84f1bffeddaa026615e3

Download Submit
/run/gcc.pid

Filesize
32B

MD5
8b3611d7d3dbba4dbcf8f4ffc17c88d0

SHA1
cc37134887781ca62b4251878b4c2580acdc939f

SHA256
dbed2f3e32d6b1e5a1d2b27fe118f1ae8d67c07e6286b5f2084ef11c33c9e8d9

SHA512
54b5294aed28485e710b0e44815e47427de64b808e4b389ccc3c7e133f323526c140bdedbaa817f34e17e62c10fac36c729cab60ae217fd4c191756d5708d382

Download Submit
/usr/bin/axamflppbs

Filesize
611KB

MD5
c7881ed07111e61338ccb56d283ebf08

SHA1
222fe09f0ff6bfeb28054d06af139605f167b652

SHA256
521d92fad7f60b25425993611d3be8518c98050c7d49d5f3b23150de4d70d0b1

SHA512
00f8984344b7463acff37cbd08876fdcc02ee1416621a9a84484f3940ed0e4feb7ffd824ed12d6edbb0ee536bdb5b39e6b2feb2b0536545461e320e1d17b849a

Download Submit
/usr/bin/bukxzksrda

Filesize
611KB

MD5
95c1928de8395d9af82a7d16261eb8ee

SHA1
a693e78824e595e495abe53e7532d24858733f54

SHA256
209e61c14c0355a199022a50b209c804194f1bc03b455b608a0bbfee80d73679

SHA512
196522fdeef68d6896e728b2c4453ec23ae17d9f1d8452c4426da1fa374b21ee0102319663775cbe4f3ceda5f1b1ae7a9d52839fb023f66d8881939414bf101d

Download Submit
/usr/bin/dibylegful

Filesize
611KB

MD5
9666364c63a196b4f66fabd34c839790

SHA1
dfe0d1aff3db8347acff8602ca4bccf9a93ccb08

SHA256
6e093dd201d69380c6bd57210c3faca3079f9a61e7a9b58e700648d629845c16

SHA512
3a28726020fa04fe07044f6f96f23fcf23bf3336be445a263ddbc772cf7062dd421431d23932cb97f75e2009333c6b34f7e92186c297eeba079e039e0619dda3

Download Submit
/usr/bin/fdfzbmhnps

Filesize
611KB

MD5
3dba3f34504dc47c224f65e5843d3614

SHA1
26392132bb1f7b908fefb32cf0da65ea17ad38ae

SHA256
bd88606e834a8be765f583f9b546f5df335c01fdb2097d020943d1542c460b27

SHA512
edad645ab8c3bd370645cd65b7aca028b5ba63f07cd6937b73328c8a3dd848fc1f8e60bb34615b590fb182bc85693394a8cfb471f7f189e2fd41b52134e4b757

Download Submit
/usr/bin/fffkqaagag

Filesize
611KB

MD5
09d6cfaf750e429cd88854b46f9f42d5

SHA1
a629dd0b80e38ec2a81b39896b03e786daff0f24

SHA256
0825287a998b39f0b70855b0d135e7a983053a0d27fa4fb7182b8d9fc821665c

SHA512
b122cd09c5662ecb742e27d642e26fd79c1996c7895dd22d2f6a43b536ef54f0e350e6b7ed68b17d4ad911eeaf7658c6c001d54ae51f6de886ca740f62f36552

Download Submit
/usr/bin/giaswbvmdc

Filesize
611KB

MD5
784855a7ac8b6ac8c439d27efa1d0d96

SHA1
35804c80ed96d39bfdee5717604f36ca367b0227

SHA256
d7b127fd044de3e6e1e1c2a8a54ab5d6c545bb591d1b03366f9038970ce5e9d0

SHA512
e5c05d09458a8fa132435c6a23a685edb55dd5c32ddbf584b58d1267ba8ffe7afca7af4828aa182f68ce4229b656032951715110d44ab77c2c841e6e3b91ba28

Download Submit
/usr/bin/gmzrcdrouc

Filesize
611KB

MD5
de26a6c3158679018abc011415b28f02

SHA1
ddeb513494d4936e712a71c83be7fd3f897f38c2

SHA256
3e3578d7f89fc24569ddf12b63e7499c405f74f9ab5084cc44609d4767727521

SHA512
89a2161f2f9bc6758e3076652b160d9268fb9ec474347d659733eea004b1eb88805bf0c37885f61d305a8f2cf7a1a3bcbdeb7d567c9b026c44b6066d1bd68122

Download Submit
/usr/bin/iybpmsrgxj

Filesize
611KB

MD5
f5c72d13f91d2cd3471aef28dee66ee1

SHA1
a77673e18ad43144bed872b1910d560b44b412f2

SHA256
cd56570c9980419bcd7da3dc0199571f5fd56665fa425af0a0b671e8c410be8b

SHA512
f8e4e58fd33ff9376a3f0c7724193b004a504ec2435bb8d4ae14b3e7eb97c1221b080b7b7eb9be77a7740a0d46f5c04d0af025c6c58b9718e7915ce24b83d863

Download Submit
/usr/bin/jmkfzetjmu

Filesize
611KB

MD5
9d2e9678952cf7b9fcbbbe0e0c75da2b

SHA1
bf71992ccef906b6aec7a590c916af61f8e387d1

SHA256
242c5a8f217b83584af62b14803edcd814d892fe327899bad7a6d350cfcb28c1

SHA512
728a701eeabaeb40f0040208b14206dbf0a27e1879ed1b0e9d65fbfd24164ea28da28f2ed16142bea72ef9724d5ad4d63f0ce3acd7c48009b106efdae98204f8

Download Submit
/usr/bin/loihhoxosd

Filesize
611KB

MD5
4bfe0841406d552e5a9ae8d5e31967fe

SHA1
0a9aeec20115e2902a17caf11954a919ce10d51a

SHA256
8cdf228488f94ccbf54eca950ca2901fd46a3b8ac8e40096dd5e6c4cf8317a00

SHA512
0e17e9b4b079816b91a870e199587903f10d2dfb2e78c905473a2f6e0af1d07c080a4a82d62fcce4d21f219dac41fab24383377dff23684160b75ff3283b2806

Download Submit
/usr/bin/loimcsumzb

Filesize
611KB

MD5
c97b14897732eb29a6053c56c59e9d27

SHA1
16e97c349147b27aa6f8776291a5c649857a9c65

SHA256
43aa26aa5bcbe4613005846664a32b3676c05aaae7aac44ae0b62311a85fe8c6

SHA512
9095d6b5867afb61dee82c693e28a031ad9cae910d033e79972b3f7b7eb43493c395e26e0c4be7f72b044add059441c41f7079c856772464efe8e428289c548b

Download Submit
/usr/bin/mbvdbbbyjt

Filesize
611KB

MD5
170b98d2d9d197c6009a55721600acbc

SHA1
0569f9e7895503260c65f0e327c013f6e0abda26

SHA256
753b4459dce6e90aedce896f5b00cfdcdc24ef4b35d06399d4d7a1646a755f61

SHA512
30a577277b27b1a76d8b4932ea56f9c6fcbe8ea992dced687e9b147534d3b03bc9e4e5899244e0edc7793be096d84334105d363e11aa0ad633a84e353a793be8

Download Submit
/usr/bin/nobymrajoo

Filesize
611KB

MD5
10db1561a62b19fafe873833d3d41cfa

SHA1
8b97bbaba7caf9b475a3e75d5b5802fc1982b2f0

SHA256
8d16e4aaa88a585924ebcdb694109f4f8e3cf85aae3db9580488abe614016cf8

SHA512
4511d2ef03ce83c667f4e2bf74dffbda842547610c8ad7dacbce2eda3904b638be7b37500af0362c87ba92048088d5ea4fb87505d9380090c9c65351bf6319ee

Download Submit
/usr/bin/nouktppmeq

Filesize
611KB

MD5
22e3294d2c5ff2217b29ff66dbd0363e

SHA1
361885d5d3e8d9fb628c33b6480264794ec29eb7

SHA256
1807bd32c707a69db099497e1dff378d7f651d4129cb97ee62a27c607bbea313

SHA512
41d1e5b41871a7255e0c9c027ce2291d42c599eac164063d1fc6eb06d20d4570c0f2dccd528f6396662570bd3b9c3874cbcfe9e4ae3fe7974a299131535da7c4

Download Submit
/usr/bin/nthjatrdsw

Filesize
611KB

MD5
f827def6d53c9309ede828ad5f269d16

SHA1
ddd070162bb20eddbc43272d952e5f5cc68d96ad

SHA256
71cccfa7fc7be87409ee85c589c064b03b08d28bec6dfbc85552430ee4905ee6

SHA512
664a41e1a616d99fe1f662a49901036e28b18a2cfc75bbf3f6a04665ac761d61018b9d449e9fc21c4cc05de772d4a91b78df6c9c9f96bdba34d9587a146b9a4e

Download Submit
/usr/bin/qsysrwwsfe

Filesize
611KB

MD5
3b7af4d1f0518614e37191be70e88143

SHA1
f6ef7292b44b3d70729c1d12ec65b4553c288e5a

SHA256
f71fcbadce03c549ebbe46ae57f47973c6337756cfdd56ae70ea93b2d1004189

SHA512
8b5ffa96066dbea5ea9fa3ff92894e32f523423d21d2cd831eebd6574c34e197e54740a63cf72932b7f4ffff59df6ac0bbd01215e3173444c256fbc63017e675

Download Submit
/usr/bin/rdgtdwdssv

Filesize
611KB

MD5
932509f0509d1716b114f167e1aa3f71

SHA1
9af0c80c34dd4cba588e0c389afeb576e3f736c1

SHA256
1c7a384b644e84726562ef60e5363b9955b5a5302b99d36108b656088fd82ab4

SHA512
aee58790260fd1b56d326090e3eae7b6e893d086380599bc38b3aeed156cf91b3f8c09a73bc46a2f4d3f4be1ae43e3764cc963619e7543fad668cb91031c5d1f

Download Submit
/usr/bin/selmogkuzj

Filesize
611KB

MD5
66e49a0cfc7743f2482cabcb5d1f5fea

SHA1
7235bcdbbb1dbb303604960999b83b76e30108be

SHA256
333814332a1f649defd2c4e4a743a2110745ad98b29cbde41bf097bbfb12e3af

SHA512
2f4e3c4413026a9df3c2834108f32d379738235f988c7216370dac14f6c634400c966b1bb453cdd5b17849d5fdd1e304027251da4d825df8be57d118032d9d33

Download Submit
/usr/bin/teokrlkewe

Filesize
611KB

MD5
dca57f5a667891c62a185eb4ff9eeb1d

SHA1
42ee2095a6b8fbedd145a3e0630936348344812e

SHA256
519d1227933bc5630cc9ec66700d13ee02d7c8e15212d6f562625198dffc84f1

SHA512
fa3a6e1e9d5b7ab13c46d80c5c1c55c8fbc33ffe1d8887ebd3eda64c1262dc1cea7e19bbc798e3b469be79faf6fea31dc2909b2d84d86e5f475d9c759fe43b19

Download Submit
/usr/bin/tfeqhgdyiu

Filesize
611KB

MD5
4be7f57600545c0bebbc3d58454a38a3

SHA1
97a1197d054e8185991853ad880e7a965092e023

SHA256
446f28a7397385cee7294549580baeee340f155fb593f62d94a9870f83e621e5

SHA512
58a539825ec559e32887ca71f0d39630bf0c726eb072196e7573732d730797661e96926100a643f75e8bbef35430ee43f25d96ed2df172cd9f01283601ca4918

Download Submit
/usr/bin/ujblvjdpyz

Filesize
611KB

MD5
a66e6f89a7f7ccfde68d4e12335e0e4a

SHA1
725ff0f9bcebcd6a2204495f4562fbf77ca5adf6

SHA256
3cb5d1fa3c74df29ee22418b28920723cee1aba0ef7d3b894bf33928f6866d05

SHA512
5ec096005f1cbc1ea8bce7447fe53f1e4898a1de4a3abe06cbf7b32fd68f19f7d5577fd572ff79ec41f923b645ab4de5de08a1386886a88378687ab90c8eb8de

Download Submit
/usr/bin/uvnoznidqe

Filesize
611KB

MD5
32c0f2cf20e5ed1264c1b4c16465acee

SHA1
87c3698395693ab52a44ba6ac9288d8832ad30ac

SHA256
ee36ca228ecb1ac1cebe89ade7dcaeba33f84faa05cfd31b51279e890a34b762

SHA512
1ecceb5cbf2f3e72d7250930e8db2fca1a5424d645f47c3bb588de712e5e27394d1f9554f820e5c210526989920808f23360273f0f016e450931c52e2018a9f7

Download Submit
/usr/bin/vxfgwtcitq

Filesize
611KB

MD5
304aa818400825f1cb62968327de7872

SHA1
0d2c2d7e9da7b5d8d7f99dc70f9d3243f5cc034e

SHA256
ecd77c5c93f86b2cd63e6bb1a3e9c6aea1359dccc71f26d05920739fa4c8e8ba

SHA512
7a467a81df8653ffa5e46ec5613615c318da64fadbe6160787db8206ce6c7ea2a22e3ed29e09a583f2d8941462f67085545e5ddeb10d9fb8b12290897e4dfa9f

Download Submit
/usr/bin/xcebdcogrx

Filesize
611KB

MD5
a66a94b5849f764021abc54f5ef478b8

SHA1
2916eaa62fcaef4de3ec0d4045864617fd2740c8

SHA256
3246ea10852e0678d76b02b45a97136f5dff2ebe476da13cce9cec6ec6344723

SHA512
994f2c748baf3b6163f0b8bd2a55af3c590a5c614a0bac4741fc753c3b916380c350638ada1b769c4fd4792793b2d686c367690a5efba67a322fc85e97e07419

Download Submit
/usr/bin/xcpcjjlgpo

Filesize
611KB

MD5
c47beb5ce3a85a26960563291e470c02

SHA1
302b37d2806652410b5bc4549fadaf4cc381acf6

SHA256
bcd1756176dc62b6c8a9e43cd26c633ad878b765f14b1ff49c3c237692c74c6e

SHA512
492675726410ee47871d0096d80f5179e4851a76b86c9580d7bbb1df572725e0186aed8a5617877478fd2e45c8e55c4ec1cbcded61cf36520393024ee09fb729

Download Submit
/usr/bin/xcxhzojmvt

Filesize
611KB

MD5
ed8ec94fdb81df7ada09607e9eea8a82

SHA1
eb6e27a77ccb90c577938661fe037adbb33a6c1a

SHA256
f1705a757b45da290d57ed8eaaff16d8a50a9fe4a5bf3075c49cd308d418c296

SHA512
751fb911d85875fc3c31ed10fcc9fa60573dd88c8dcf8864bfd2a188403ccc39ee8a4ae44b59a7c5a9709b6d17d1426371101a192afd2db42d0336ebd989c83a

Download Submit
/usr/bin/yaqthjkqfg

Filesize
611KB

MD5
7543e0b83d9ac6a81495da264308421f

SHA1
7929d4814c0527b78bac875533a0bd93623fa2dc

SHA256
1d5c7d76d217815c4ae7fa820da312ae77910fb4327eb5d5975b306893276d22

SHA512
0a6b95ff5ce40c66c299cee8a2c678d8ee0b059f179a91b9424a620721c0686bbb80667ffec889652104a3808cbb19efd4db15cf701d75a3569e014afd8153c4

Download Submit
/usr/bin/zbkbnslhmk

Filesize
611KB

MD5
1f96bc5308318fba5050137c2f081ccf

SHA1
359e74dbd876fe6afa3dfd03a04291e61661277e

SHA256
009ff012234a25f77ef909cadd265241572b55d9b475ffc24ec5262ee77dce43

SHA512
acbc217e3e5f55879143146f6b8dca4e04336e78b475025a4b4977ee67187464edfc017ee885c6a6009649c584a1bf5010198341e8480ec8ad04c4276e56f660

Download Submit
/usr/bin/zhosuyfwqj

Filesize
611KB

MD5
132170c10cc2eb2f073c86a5d85fdc56

SHA1
fc077d804e25f125983ecd74a42d2c80a884ed93

SHA256
28fc1c7ff1ef18889572431524d6f50560d77b072f2b760bd4b14f8c2586c552

SHA512
db46e35a81831de5e99b07cf14b28cb1cd0b89d18173ac55ad6286adad78f217c4c386fd82a491ded541968e57bea41b8855e76328c40594a283bb8c5563f4e7

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
4ae0d00d50a95510a4c0f8e5c65ace1e

SHA1
af220a1c460d51af08a6c2ac1125521c4930fcdf

SHA256
c9b7f584ca01e4cb186128cf60ef4cae7929aa13d3f5a883a597743fbde3dfe7

SHA512
14e3c887fa53577fba90be308e82b2c16599e6cb85434e5d5f432fedc2a8b014701878b02bd19da215b5827c66c24758ce9c19c57ba4a482aefe99cec87bb676

Download Submit