xorddos | 2815c35a00c6abadc22aa61b888cb144bc51458d08196794f15d06851d185b1d

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
29-07-2024 15:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
Size

611KB
MD5

50b176dd2a0888bd18ff13bf7484077c
SHA1

d1003213ededa07c90bc5d190182465d27bd626b
SHA256

2815c35a00c6abadc22aa61b888cb144bc51458d08196794f15d06851d185b1d
SHA512

3cbd17bfa60dc8e2459776da1c12eb631f1dfe5a7be42254b4daa47b84760bc34aca326bca79bc44cfa6e43bee61c54df50f2ccf1cec398d05397194209d5b97
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrET6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNEBVEBl/91h

Score

10^/10

xorddos botnet downloader rootkit

Malware Config

Extracted

Family

xorddos

http://aaa.dsaj2a.org/config.rar

ww.dnstells.com:80

ww.gzcfr5axf6.com:80

ww.gzcfr5axf7.com:80

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 30 IoCs

resource	yara_rule
behavioral1/files/fstream-4.dat	family_xorddos
behavioral1/files/fstream-5.dat	family_xorddos
behavioral1/files/fstream-6.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos
behavioral1/files/fstream-22.dat	family_xorddos
behavioral1/files/fstream-23.dat	family_xorddos
behavioral1/files/fstream-24.dat	family_xorddos
behavioral1/files/fstream-25.dat	family_xorddos
behavioral1/files/fstream-26.dat	family_xorddos
behavioral1/files/fstream-27.dat	family_xorddos
behavioral1/files/fstream-28.dat	family_xorddos
behavioral1/files/fstream-29.dat	family_xorddos
behavioral1/files/fstream-30.dat	family_xorddos
behavioral1/files/fstream-31.dat	family_xorddos
behavioral1/files/fstream-32.dat	family_xorddos
behavioral1/files/fstream-33.dat	family_xorddos

Writes memory of remote process 2 IoCs

pid	Process
2468	50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
2480	Process not Found

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
2468	50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
2469	Process not Found
2475	Process not Found
2469	Process not Found
2469	Process not Found
2481	Process not Found
2480	Process not Found
2469	Process not Found
2469	Process not Found
2480	Process not Found
2480	Process not Found
2480	Process not Found
2480	Process not Found
2480	Process not Found
2480	Process not Found
2480	Process not Found
2480	Process not Found
2469	Process not Found
2480	Process not Found
2480	Process not Found
2469	Process not Found
2506	Process not Found
2508	Process not Found
2510	Process not Found
2515	Process not Found
2512	Process not Found
2516	Process not Found
2514	Process not Found
2517	Process not Found
2518	Process not Found
2519	Process not Found
2483	Process not Found
2480	Process not Found
2469	Process not Found
2469	Process not Found
2515	Process not Found
2515	Process not Found
2516	Process not Found
2516	Process not Found
2517	Process not Found
2517	Process not Found
2518	Process not Found
2518	Process not Found
2519	Process not Found
2519	Process not Found
2480	Process not Found
2515	Process not Found
2515	Process not Found
2516	Process not Found
2516	Process not Found
2517	Process not Found
2517	Process not Found
2518	Process not Found
2518	Process not Found
2519	Process not Found
2519	Process not Found
2480	Process not Found
2480	Process not Found
2515	Process not Found
2515	Process not Found
2516	Process not Found
2516	Process not Found
2517	Process not Found
2517	Process not Found

/tmp/50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
/tmp/50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
PID:2468

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/50b176dd2a0888bd18ff13bf7484077c_JaffaCakes118

Filesize
495B

MD5
cfa5fcd81d422515aea8f393e7647bd2

SHA1
50b7f595d0fa006602fa0948e0ed91fd807e6610

SHA256
d0dd47746a094c6da014a6f2d03b9906e5d1fbb408cdfdd527728cd58bb472cb

SHA512
34bc606a479980b052b4d39301e7cb7c4653c45af085e898472ddf5ab9aca5ed2fa67ec1d7e1618a755280387eb8613017575330a640b5a4bc51b5de98a9cd8c

Download Submit
/run/gcc.pid

Filesize
32B

MD5
01cb2f9e7e1bc7ce75ba8960bc0840e2

SHA1
24ead2316c7fe9c66e6fb3379ac44eea0a5d88ef

SHA256
b1d1cae1ab7b7ea68efd385f265ed72a54ee4ad7ab00ad78e20f70e180a8e428

SHA512
097f47fa718d6f6666be61c8a74bf87a3e76a22e71d96dabbe09bfff946669b7cd5e13893fc984d61e1cf1c9f497d4a9829de7c064b521520d33dcd9820d5537

Download Submit
/usr/bin/awerrkqebj

Filesize
611KB

MD5
209eaa9a94d8432b17ee8de2af777bb0

SHA1
d5d8223d4ad31c9c5f9a807690e585b5747048ba

SHA256
60a4063f50fe2b5f3368ca0eb4b5d18ec95871a280d6b35b009fa3fe5b00e13d

SHA512
2549bf17d1b247a5c89dcbf875f34427aaf921fa1dcc33e6c1ad93d076a728483e0f79ea78cff62d4294615372f575f4add40be051fde89577f0a9f0011a3f6d

Download Submit
/usr/bin/bqafuzxzjm

Filesize
611KB

MD5
171f17d2f521565e9d0d262afa066a1c

SHA1
2c6cd9f880f7d278aa36c76f86e6f1168c421480

SHA256
8632189fb56fb22ccc92293a03ab8c3652e1a1636f93996ccfefb3c7788381b7

SHA512
b80ab400295b4cdd05310e4cbdc3e5b4b004cdb0bedc8a1b9c3832579756d7a83620e11088d3815972705256c9cbd11edcd4790bd56cac07586fdd1d02ae10e2

Download Submit
/usr/bin/ckxniiyptk

Filesize
611KB

MD5
4aa184423dc85e81bada7737a003f4a3

SHA1
6658be01a91edff333771f3d3837a62c9adfddb0

SHA256
95655b9bb85c91ee1683ddee1d40e854633a86e72edbe33675f18a825cd458c8

SHA512
f0089c19c75fa875f3f63146dd917cf49cb8184b715a04cdb3429d893365a97f604ccb48e88df3c85df88f676ef2e1533237ca0f40c1d4417ac6f8a4062ff8d2

Download Submit
/usr/bin/cpyflmmvha

Filesize
611KB

MD5
e5282c2bf502fe51e0fe6b40c2c82bcb

SHA1
ff2bc3ecb4ed047a57bb0ec069db6796cefc443b

SHA256
59372b437f941fe318d0171315711a28a4c63b68bf5008976c1f2c2324771078

SHA512
391891dbb8329d5fc2217efadc9155b8d4e236f26ae354ad14c6060edd2291ddea32bd2c57c29fe16f95b93b0d752796fe27dfce17bc75958c8df9d5fc1895e8

Download Submit
/usr/bin/cynituliwe

Filesize
611KB

MD5
2f784aaf29b63c3d3f508c2d779520a6

SHA1
3c1663acd870fc05aff0ae8d970668ea2ecc3229

SHA256
763692ac9fd12a01f7d202eb3526aaba034c3fb068ffac82af6c1b8e15494410

SHA512
3e41bdb2b73e72b95d395050115672a1317a6f0ec4fd4f900ff7bc775aa375931f388b90e30d2182736f136ae1a1840ad969231aa4e7d4f66a353e131848cc09

Download Submit
/usr/bin/dqmjigzqgh

Filesize
611KB

MD5
eaf26af3c4abe94d07cdb7e643bf5776

SHA1
8e1381822d58293b0a23e1b346f2f2d1b51aeadd

SHA256
b4fa2ea0d51defcd4f46098aab9ef3a4673d991b9718027b1cc9d7e8eab26e25

SHA512
9b0abc154f0c6d6341b82522767014ff1315d3c7dbf06ddff7fe335f605f7adbd82bf0ee33bd2837ef482a4d42c0a49e43150ce2d3b4c807c08952df85dc367b

Download Submit
/usr/bin/fdccgpbdex

Filesize
611KB

MD5
89e9fde03cfd083eedca02f8ed5e7383

SHA1
b928ed75a141267ef101dccabda57690403eb295

SHA256
9a1b3aa8fcffb668e8c83b7eeca9368a708d5d410ec332333fd08b1fbb19b364

SHA512
6190e713431a74917da9ac139927b6f0756075fcadb3566fd50bcbf8acf4256618c3d70037935044c5e7cb7b65fb0545c6c59d7ce7e0fc59a38cac940c9d6633

Download Submit
/usr/bin/fxpztdxkyw

Filesize
611KB

MD5
87a77ee92cb5486fac7c09abb368b312

SHA1
7a91bca47dd05afb36181fc909d0830da422e889

SHA256
2c347468f4737192e06eab4b4b7a73a25bb7c761b9f58e4622afe347f5d1e256

SHA512
69b213b97be789206d8c04dd370bc359def5868847e24fb25692374d535388f57b961364820f54489c95e452533d3fb422a30ef583c46211fc46efa79eca0d81

Download Submit
/usr/bin/gwpuwzvkvc

Filesize
611KB

MD5
7abbd79798a23a3028e35093c70d5a4e

SHA1
c04eea5954e8e0ee8f2dd657122d7e536e20a90e

SHA256
48c3f4562453da9362579eaeec9d998cb7a52ab9adf212074b951b6e31386d7a

SHA512
dcef493ebbcc106b71cacedb3c8cf9ed78406f7a34cbdcb0afeb7e71058a60f0f0ee4ca682bb68497ac6a6c40161b89b466b5e41f0cd550d3828bc749f38e61f

Download Submit
/usr/bin/iefbdvrfdu

Filesize
611KB

MD5
b22f8816208b1e47ea7cb2a4a8a8631c

SHA1
5bb058e590a12126ec1f04927e104485fc0a6568

SHA256
a1132ac656eb0bb173cdc4e573cde66c4f6d1e8a6c5f77fc8b124bcd50fac6aa

SHA512
36bd0330adc68f67af588ed42d1c4b639a4c9fbbfba1046f04b4dbf7a0b841aa38eaa4832b0604b77d24b28f1676ba828d37e74263ab83813c24a23517d71edf

Download Submit
/usr/bin/jkhybsdphc

Filesize
611KB

MD5
316691f50b36e88821cb20ab6b9fbc71

SHA1
9c4ae5508a71dbd8db93981469265b97e3fa8188

SHA256
1889103bd4632c270b59e29644f54bea8fa1744ecb7282c009773ca1cb57eef5

SHA512
9834f406c1e0be12c346d3e663999e372ef3661262497b2001a77fbe26351a4b2156ef92ec720a991fb2bbfc1843c5393078288a28ab1ccf6f6bc3d73fd7af90

Download Submit
/usr/bin/kgzajdjdcb

Filesize
611KB

MD5
c737349d32ffdd5aa3bdc70c7676a020

SHA1
a3969e71ce9f54d30b541b727666918897780031

SHA256
8745739d2e4ce64ab97a1e946e872c8937bb145a091edfb3c5891ee16a747bf9

SHA512
eaecf613d73d5a40a93035e5feeba483cc25e08434fc10288732353a58d6e0ac96b61adf073d5e3acdba178293bfd3960acf01967f446c84b778cd64705a7ec0

Download Submit
/usr/bin/kjlqirjgqx

Filesize
611KB

MD5
84a230653b6396f2593d733c22983aec

SHA1
5cc847f404c1b073ba87583b1805aa5a084b202d

SHA256
d9be44f7138455b709831198fd007eb7bf823d1b23a95a0e78ede21ddcc24a3b

SHA512
7f71e3ddf5f1f8d7b9e7b3388a877882e27a98eb435475adb9b105bf71378ed3f26ccb7abaac3c14d829624713e4ad5f1517ca112f6f18cde59b442694591b19

Download Submit
/usr/bin/kjpvopadcy

Filesize
611KB

MD5
539eaf71aa60fb8ba101b6cb6996b8ed

SHA1
734b22b05f544f58902765fad6aa43ddbcf0876a

SHA256
c38a1ffb1cc1f94a96de71f3dbdade48c022bbdd7a1cf0b8920256b937a4896c

SHA512
25b9c44d70215485d1dbd637eed4aaa019c8b010a626f21950f2d5dcec67e65dcef1557e76a05aa11837590d9bdd38292e7586ca154e6b2f6fe53690525d5fc3

Download Submit
/usr/bin/metywtaudy

Filesize
611KB

MD5
ef528ff459873be61aaae77792ca24e6

SHA1
c791bf4b48f2da40aa161897aa2117241bc0dc92

SHA256
1311d735fcd222df4422f762fb77ea21670514dfcc66b03eda6e869fae326ed9

SHA512
fcdfe6ed01825852d1751d41a77b8c8b968aed9ed4fed1962afbc9e79fad9877f6301979dad9bf4bec8045513003b06df55605d7da01eb6c85ee009b7d7afd64

Download Submit
/usr/bin/mwtltnvdyo

Filesize
611KB

MD5
1fb0b2afb62ea1518883699e2fc2d6ed

SHA1
2669bb55fb7703796ada448578bc87374accabf2

SHA256
11a75c8b013a56203f58fb2aca2c53182924c390c01c964df332971e14feeeeb

SHA512
3e624a121424a93623ca731c99467c5141452fa35f3d62249be1e29961b08586eedb096944503f983a9dcd18d565154ccb3a6a77140b4c70ffaa9239f6a869eb

Download Submit
/usr/bin/olffoidvsk

Filesize
611KB

MD5
e52ee764e78996f05269ee024a139d85

SHA1
5ebf97b6d13c5ed0b71044b6f2fb068455343963

SHA256
526164856ea28bf1179c30598d4d33b2fc725ea42dd44bba35016dc0edb9dd51

SHA512
c9aec5cb9de80850b404a48ca40effb1863eb4cdc79aeb17d285282d45d5760981243311c8a6affe34fb7c1ee799634f2e93099d7c8ee899688654b4cc7ddad4

Download Submit
/usr/bin/pujcfkthye

Filesize
611KB

MD5
599e034511d430bc51150d7ec050d487

SHA1
320299ea6bf440a2ddaba7c47b02369746161d6f

SHA256
c5cfb23f0f06f21bb48a98fc007c29ef285dce544b71bfd824b9efe54b86d3f0

SHA512
c14fae5c9d0ed01d18ce78a32d0576d4c25451ff4fdacf2a7938e1fecfba9fbe0618d7afe81ed489c61ab335f2727dd24ae7e61230057e65c9cbb647af114658

Download Submit
/usr/bin/puuocqggrs

Filesize
611KB

MD5
bc61d784d963dcb80f51f5dd11a55805

SHA1
852dbf12ebef8290816c57d6fb060f7300eba5fc

SHA256
6e08eac4fe7ec2284fd95c0c8155fc188d6cdc86ffc631d610c1508f9db78752

SHA512
cceae75e3685ca20f14d535fc7ad8212eb4d39f1b34d884d57326847b18e2dc482059cf2ca9dc9ad23897e175936ff742516bb9cecb341650767dd0c7b1131bc

Download Submit
/usr/bin/qbfivdropm

Filesize
611KB

MD5
641fabad967be40ebe0ce5381ae23842

SHA1
307f166df77d4d2effd8ab8272b8b08323cd6709

SHA256
d8abf2d77042ef9b58161e3632a4351d2b40c7e313c0ae65162042c55eb7e550

SHA512
b59ed2ce5189196e1adb3597a8957fbf9a954265b3c0186b969af9b04ff05f2813459d124722425f631c0ea52fde5adbef7b90d46cd840d2e317aa80398b880a

Download Submit
/usr/bin/qwoizzzusr

Filesize
611KB

MD5
916aa43161db9ee00a11335a1e4cdc07

SHA1
257504458198e0492922ddbe3700d37e322d1d0b

SHA256
f887b2af2ca68b708fb57776dd33200faf4cca07eba4121f903ad34c255c4ffd

SHA512
85ceb305fc19fdca0486c2c70154c33c0c393fc824f70038b392688fc549a2b0e17b6b78233db35bb4464fa539c6dc4b1912f3f1560246ea2fd0e3cbe9f2237e

Download Submit
/usr/bin/rgxeruplaq

Filesize
611KB

MD5
971f55db4a4bf8d13abddd485ed2d03c

SHA1
3d69458ab07fcb4f1bce41ccc49a7dec6e582285

SHA256
6c7c2f0f74dcf178bb5f0f13f74184b76e1ccf5d15330a477f4945832ac2c976

SHA512
5153b2b4eadf50c43ef1eddfcb3f256dfeb00d33f0f6aa61684f3c8bae2d02e6ef3cadad4b12b1c70b2d23952d165dc22337fc01b962f7e4f0b5880ab8ed2781

Download Submit
/usr/bin/tzoyynilal

Filesize
611KB

MD5
6628eb58d213a765dda3e2ac6600a354

SHA1
376f40dcb78849436969c1318b70510d55fe6d7b

SHA256
68645e7ac32b715aeea3965b9b98d1a1ce4a3c17335767bc9d147859587ecac7

SHA512
1d801cdfef7790889b03b5d7bb7bb5dcacac8d80a9333a2b64aeb30e4acdfa74187b1cfdcdc64a484fe5e4fd91ce83875e6c1f6057caa5ea57db378822187272

Download Submit
/usr/bin/udcmjxhcai

Filesize
611KB

MD5
48c49cc104c8f515808bc85ddc371647

SHA1
e59f3cdfa5a99ac543ae7419369b876be33546a7

SHA256
c8940aace20f2d2f4e0060411e08b0d7bf7017d1abcc45017e09bf351223185e

SHA512
f28fb0872f3da28803eef9b2ee8bcb65bd925d26a9ebbcaa80c279f8833b9633f159718f4142acfc73f01666341f697139a321059a490458a73cd6b8e5b11805

Download Submit
/usr/bin/vmynlwmems

Filesize
611KB

MD5
bfa3ba84e451637f20edbfece388f05c

SHA1
357f8e2e4af41933ab8774306f7f9a71ee29533e

SHA256
f1de0c6b9c645d34b31dde1404fe4afc723b1ee03c7f912fcdfafb69a7dbd197

SHA512
53e8ecf0faa7d1b477295920b2c5a20dcdba53b7816bc4d8e7094355f20cc63afca55ee513d492535a79af8d2065dc466149fd405d89980f9c181e4bbcf460a8

Download Submit
/usr/bin/yimxqrnbsl

Filesize
611KB

MD5
44c2c47b7c56cd2bb4bb422c984d1aa3

SHA1
d48a4e4df6eaff476580808cc77bf07f16d9eaed

SHA256
7f26eb1db750342b303eaf59d44a8a4e4f8a837f41f6ac1c1aa41a934ebcb0c0

SHA512
bf185a082b1fbb1fa217b0e39216434603897d950f273e7efadb38c06dcae53659c198aedc4f622b0a219ef58f102076d32c8e4d9946575eab59994476c138e7

Download Submit
/usr/bin/ymwtgardmt

Filesize
611KB

MD5
1c33be0379de20bd1aa6a42f5df55799

SHA1
029b0609e5c5ba7991797aef7e1e79d4c14f0495

SHA256
67ed0d52fb76b7f49916eb86ec55befa6adb01f06662dfa75f7dd48a9f02de5d

SHA512
247ddfde9b3c5ab3b824051acf446ef7749255b157ce4e3de80b1bf4cefae2cb62bae69cec91d64938005e0d1463d51dcb7c29425af1b50671d610c1e252e504

Download Submit
/usr/bin/yudcghfgkm

Filesize
611KB

MD5
974711b4813798bb7f5865a9ebc0de34

SHA1
09c0cc3cd36f6d0bb31b9e264f028e9c31366919

SHA256
a483acda14a3c79e2e8a25114325e01737fa5016fb11617aa4ce0266dcf6310e

SHA512
bd574ef42c18e150727ee448b8e325c5c0277f5c0e9ce3f46a53e64aeb58543207f97b16320982261eb88fa3a5c256b989ae143863f2ae1024ae0fd24b261c93

Download Submit
/usr/bin/zhnrtufoym

Filesize
611KB

MD5
3202af174b5bab9280cd72286cf923d2

SHA1
100713f876d1eb7aef448a7eadc8df5f5d9a97e7

SHA256
9d206c7aabb7f4fe841d979651006ad15671aabd1120c849ed6780a5a789de84

SHA512
d3d9892f554313d91042db0091764070bda228a0bb267de6ffc5bd97ef0e840107cc14d3ea0a472fac138b87af51a8e204193cad4d7ab90277675a5baeb50d81

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
50b176dd2a0888bd18ff13bf7484077c

SHA1
d1003213ededa07c90bc5d190182465d27bd626b

SHA256
2815c35a00c6abadc22aa61b888cb144bc51458d08196794f15d06851d185b1d

SHA512
3cbd17bfa60dc8e2459776da1c12eb631f1dfe5a7be42254b4daa47b84760bc34aca326bca79bc44cfa6e43bee61c54df50f2ccf1cec398d05397194209d5b97

Download Submit