Extracted

• • Target

    5de386b209befcb96c835a048b3fd178_JaffaCakes118

  • Size

    647KB

  • MD5

    5de386b209befcb96c835a048b3fd178

  • SHA1

    c701990533a21d5aae6c0067c475ef2d02fb4f16

  • SHA256

    84e40a4e1e02a719aa93c734049c96bae0cfa6d075f47d64b63b84eece3648d6

  • SHA512

    085b3d3b78896f8a11279d9c53ef433c0c620c02db5e79a162908738f652dd4c64e485a72706974fa4560ca5f67daf8ee30630a84bb27bae430077b2b29dd50b

  • SSDEEP

    12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Tonjp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mj6wvnDWXMN

  Score

  10^/10

  xorddosbotnetdownloaderpersistence

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos

  • XorDDoS payload

  • Deletes itself

  • Executes dropped EXE

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence
  behavioral1