Analysis
-
max time kernel
149s -
max time network
150s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
30-07-2024 01:16
Behavioral task
behavioral1
Sample
6c7dbfcef9364588a0afd8d1a1eab82f_JaffaCakes118
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
General
-
Target
6c7dbfcef9364588a0afd8d1a1eab82f_JaffaCakes118
-
Size
647KB
-
MD5
6c7dbfcef9364588a0afd8d1a1eab82f
-
SHA1
d46952dca5d5eaf1bb177f39611eae7cf0ede1f5
-
SHA256
077574431ff1b30d6985d75d3b047f7df05c1d4ee471f68f84ad24909764ea33
-
SHA512
141c02290e27316f5a1932d5121d6e4f08ece2a02d333d63adbd40918f69e699a0ac89992eedc376e4856e1d3e11622915dc467d3d59eb65307082927854ad46
-
SSDEEP
12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Tonbp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mb6wvnDWXMN
Malware Config
Extracted
xorddos
http://info1.3000uc.com/b/u.php
pay.wowoinn.com:7709
2.168.1.131:3826
abcd.com:8080
-
crc_polynomial
EDB88320
Signatures
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload 1 IoCs
resource yara_rule behavioral1/files/fstream-1.dat family_xorddos -
Writes memory of remote process 2 IoCs
pid Process 2459 6c7dbfcef9364588a0afd8d1a1eab82f_JaffaCakes118 2476 Process not Found -
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
pid Process 2459 6c7dbfcef9364588a0afd8d1a1eab82f_JaffaCakes118 2460 Process not Found 2463 Process not Found 2464 Process not Found 2469 Process not Found 2464 Process not Found 2476 Process not Found 2477 Process not Found 2464 Process not Found 2482 Process not Found 2483 Process not Found 2476 Process not Found 2460 Process not Found 2464 Process not Found 2464 Process not Found 2483 Process not Found 2483 Process not Found 2476 Process not Found 2476 Process not Found 2483 Process not Found 2483 Process not Found 2476 Process not Found 2483 Process not Found 2483 Process not Found 2476 Process not Found 2483 Process not Found 2483 Process not Found 2476 Process not Found 2476 Process not Found 2464 Process not Found 2464 Process not Found 2483 Process not Found 2483 Process not Found 2503 Process not Found 2504 Process not Found 2476 Process not Found 2464 Process not Found 2464 Process not Found 2483 Process not Found 2504 Process not Found 2504 Process not Found 2504 Process not Found 2504 Process not Found 2504 Process not Found 2504 Process not Found 2504 Process not Found 2504 Process not Found 2464 Process not Found 2464 Process not Found 2504 Process not Found 2504 Process not Found 2506 Process not Found 2507 Process not Found 2476 Process not Found 2464 Process not Found 2464 Process not Found 2504 Process not Found 2507 Process not Found 2507 Process not Found 2476 Process not Found 2476 Process not Found 2507 Process not Found 2507 Process not Found 2476 Process not Found -
Unexpected DNS network traffic destination 64 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
223B
MD5b791b087b1795e3674a9aa765c76fc04
SHA1b53f478234ae97f3cdbf2e7fe7ec68d687feb7c1
SHA2561c1e9b69cf8021bf7ce1f60dcaa2d31c1e21ed4b6e474f3571da81ffd5a9b69e
SHA5122dcc2e478c51cf8118306fd5c744aad7147e368cbc4329db1cc5fac52088a7f3354079ae2b582b270495789e4fb4591538ec88bb5ea40eec646f360bac33bbb2
-
Filesize
32B
MD5ad45de5c93cd09bd63267a264c52d2ee
SHA1726209678d82de2b827c3d556f87a83a3262fa97
SHA2563a2d2cec66539a2e44305afc5ce280fca9ede1c106cdbe035c59a14661dea514
SHA512da6dbf529dd967358dd645eb09a0d1b3e872bf131f6e8624ba72e2061cc0a99717a5aadecc2d5a762585d8940a0e07107f6d6961e784c309db00095606eeddee
-
Filesize
647KB
MD56c7dbfcef9364588a0afd8d1a1eab82f
SHA1d46952dca5d5eaf1bb177f39611eae7cf0ede1f5
SHA256077574431ff1b30d6985d75d3b047f7df05c1d4ee471f68f84ad24909764ea33
SHA512141c02290e27316f5a1932d5121d6e4f08ece2a02d333d63adbd40918f69e699a0ac89992eedc376e4856e1d3e11622915dc467d3d59eb65307082927854ad46