General

  • Target: 696238c4be30b209c5a724c48e51575e_JaffaCakes118
  • Size: 537KB
  • Sample: 240730-afyj3axgnp
  • MD5: 696238c4be30b209c5a724c48e51575e
  • SHA1: f2df00d4f8eca4605f6d5c8b06719fe5c9bd3f20
  • SHA256: b8287196a4a9ca805698ab5dc377f275340552c70fd04bce08dc11ea48230e1c
  • SHA512: ad9543b64653b61d6d0376ea9d16a49ba6b8f1eeea768c6caa5df9bb2546b5d10f3952545e4461f1bae1fff7b562084a1bda90132a3d59e52f48f81d96a75950
  • SSDEEP: 12288:ISraVbNYn/gpq5xnFeEu1eZ1gVcxfwbuHvh3u6yp5k:Im8bKEWt0EucZ1gVcxfwa53U

Malware Config

Extracted

  • Family: xorddos
  • C2:
      topbannersun.com:5515
      wowapplecar.com:5515
  • Attributes:
      crc_polynomial: CDB88320
      xor.plain

Targets

    • XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
    • XorDDoS payload
    • Writes memory of remote process
    • Loads a kernel module: Loads a Linux kernel module, potentially to achieve persistence

MITRE ATT&CK Matrix

Tasks