General

  • Target

    757b89c6cc5a910c11a555a381684e55_JaffaCakes118

  • Size

    611KB

  • Sample

    240730-r8h4hsvfkk

  • MD5

    757b89c6cc5a910c11a555a381684e55

  • SHA1

    5cd2b55e20d10dd6bdd9bd972aad67ef7544d4ce

  • SHA256

    46b79608c9a603c1f0046b0952f080b6cce855320a80bb6db4155a26ab0fd5f0

  • SHA512

    0a9ecca06f87e403e7170dcb3fa275547139f9ee4b253efdd96f01d2d806b49d78a1ebf8bf420c156d9cbf74dc652c180b6591de2c5f34d5902f0e64cf45bd1f

  • SSDEEP

    12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr3T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN3BVEBl/91h

Malware Config

Extracted

Family

xorddos

C2

http://www.s9xk32c.com/config.rar

ww.s9xk32c.com:3308

ww.s9xk32a.com:3308

ww.s9xk32b.com:3308

Attributes

  • crc_polynomial

    EDB88320

  • xor.plain

Targets

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence
