xorddos | 46b79608c9a603c1f0046b0952f080b6cce855320a80bb6db4155a26ab0fd5f0

Analysis

max time kernel
149s
max time network
154s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
30-07-2024 14:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

757b89c6cc5a910c11a555a381684e55_JaffaCakes118
Size

611KB
MD5

757b89c6cc5a910c11a555a381684e55
SHA1

5cd2b55e20d10dd6bdd9bd972aad67ef7544d4ce
SHA256

46b79608c9a603c1f0046b0952f080b6cce855320a80bb6db4155a26ab0fd5f0
SHA512

0a9ecca06f87e403e7170dcb3fa275547139f9ee4b253efdd96f01d2d806b49d78a1ebf8bf420c156d9cbf74dc652c180b6591de2c5f34d5902f0e64cf45bd1f
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr3T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN3BVEBl/91h

Score

10^/10

xorddos botnet downloader rootkit

Malware Config

Extracted

Family

xorddos

http://www.s9xk32c.com/config.rar

ww.s9xk32c.com:3308

ww.s9xk32a.com:3308

ww.s9xk32b.com:3308

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 30 IoCs

Processes:

resource	yara_rule
/usr/lib/libudev.so	family_xorddos
/usr/bin/tejledvkrw	family_xorddos
/usr/bin/dgcygtpknj	family_xorddos
/usr/bin/vepcnsawqi	family_xorddos
/usr/bin/mdvjxdsgnz	family_xorddos
/usr/bin/shvxdnlmpo	family_xorddos
/usr/bin/cripsnggcq	family_xorddos
/usr/bin/tiemcuupgp	family_xorddos
/usr/bin/ubzhgwjbbb	family_xorddos
/usr/bin/qwrtlhcoib	family_xorddos
/usr/bin/crbilsldys	family_xorddos
/usr/bin/fuzhjugbpa	family_xorddos
/usr/bin/cuqtohvqaz	family_xorddos
/usr/bin/ufiyqzgwut	family_xorddos
/usr/bin/skdbudrzwf	family_xorddos
/usr/bin/eerddidpgc	family_xorddos
/usr/bin/ocxjskkqxp	family_xorddos
/usr/bin/ffyhtainky	family_xorddos
/usr/bin/oicrvuswun	family_xorddos
/usr/bin/gpctaweytd	family_xorddos
/usr/bin/thaahkrwgz	family_xorddos
/usr/bin/hfnppykxpg	family_xorddos
/usr/bin/gvbuysxplr	family_xorddos
/usr/bin/nmuwhldufr	family_xorddos
/usr/bin/qobieztrhv	family_xorddos
/usr/bin/yaxekhdphn	family_xorddos
/usr/bin/vzwpdwbqib	family_xorddos
/usr/bin/cvxzasyosn	family_xorddos
/usr/bin/wjjhbwqtat	family_xorddos
/usr/bin/warttluggg	family_xorddos

Writes memory of remote process 2 IoCs

Processes:

757b89c6cc5a910c11a555a381684e55_JaffaCakes118

pid process

2808 757b89c6cc5a910c11a555a381684e55_JaffaCakes118
2824

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

Processes:

757b89c6cc5a910c11a555a381684e55_JaffaCakes118

pid	process
2808	757b89c6cc5a910c11a555a381684e55_JaffaCakes118
2810
2819
2810
2810
2825
2824
2810
2810
2824
2824
2824
2824
2824
2824
2824
2824
2810
2824
2824
2810
2841
2839
2843
2847
2845
2848
2849
2850
2851
2852
2824
2824
2810
2810
2848
2848
2849
2849
2850
2850
2851
2851
2852
2852
2824
2824
2848
2848
2849
2849
2850
2850
2851
2851
2852
2852
2824
2824
2848
2848
2849
2849
2850

/tmp/757b89c6cc5a910c11a555a381684e55_JaffaCakes118
/tmp/757b89c6cc5a910c11a555a381684e55_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
PID:2808

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/757b89c6cc5a910c11a555a381684e55_JaffaCakes118

Filesize
495B

MD5
f0b0bf9d3d5976023d31cd7eea1504ae

SHA1
accc7cc46e533a9be579598760c1a584ab0dcda8

SHA256
7d8575a597d833350b8f13877d95e5a1ada0d2984d6c650d6ca0315fe1bb651b

SHA512
e85d3261a3b186856e68080518ca3c4ddd7f6385d7fa67c8953dcceb29097f0c88ab02fb71aa5a21e02217558a40ae6dc21f27577ba7d7e78760d297be670c8f

Download Submit
/run/gcc.pid

Filesize
32B

MD5
6d943855af1272d31ffbd7bf60ebfec7

SHA1
2a8d44539b731a0f149c7f2ac062ec6852d279b5

SHA256
73ce657ae35e0e2e572940083e5564eb39c0403dafd6c4751ba832d09d1003f2

SHA512
36a2e5e4b813a6fbbc3e89190b3501f34367a26e080534257e6e622b005cec64c9175689479081a5218e9918efdb618df9319313d65aa13a1123086d694881a7

Download Submit
/usr/bin/crbilsldys

Filesize
611KB

MD5
a699242d3586011de4bc88242940da8d

SHA1
d469fea27a835770f10eb12997280abbc6c5766e

SHA256
21c2d0d9156db8739397d9f946540e0cfb407674180378e36cdd0e8566d95a92

SHA512
9b47ff77a0470f0ce1f75c9c66a2c2a395a400b88da87b0e91a09e8309fc2d78bbbd6738ae76d6a8c06469022537573e69d2f53ef4d0bf0200d502603b973cd1

Download Submit
/usr/bin/cripsnggcq

Filesize
611KB

MD5
3054eee69a31f8b9712743f08ff5ceed

SHA1
2f8a2ddc53fad6828d2aad62c9a37f045c423263

SHA256
ac0683cb87b8bccac12b34b099ce759703a89a2b774ac8775ee83978ae97c1fe

SHA512
dfc742ca2af6d179d0ba8e54ad98cb10e019591f4b104cd10f92d2f4d81679872184b0e657b3ea406ea67d284abe7d5a63eaae38080c7ac085f5007802cc5444

Download Submit
/usr/bin/cuqtohvqaz

Filesize
611KB

MD5
1addeb40da782649297ba0ef7af99896

SHA1
1a58332527aee1ec9fd372cb3a29a8325585dea6

SHA256
40899bc465e4350897722112c8c85f87bea181a2ebe40e4cd3741868f52e2d72

SHA512
fca9c506afed802dd29505efae6dcd6401e63825d789adfac661cb9fe78499b63894fa5f1015bf7789440b7e58a4a345948e62ee19c643d73752be3f059baed2

Download Submit
/usr/bin/cvxzasyosn

Filesize
611KB

MD5
4cfa25c0ca87495a62408191a66f1bea

SHA1
d8d9c2e6c2e96b3ac49dc96de376c2dd6e3876b9

SHA256
84b359ab10439797bb839c613292b496f62e5d68f5169e17db85c607306e8e12

SHA512
c2df96eb21c8bb78bcc1d414392161c971ed8c7ff5d0a6a7eaecb83a512db366b618d64ae6a23832a597f7f0ee1d47b213c9b2fe4f8796e70694950162cfd229

Download Submit
/usr/bin/dgcygtpknj

Filesize
611KB

MD5
2e271ae6b0ba2e4090652c3f0c66c8e3

SHA1
726c81f1d31e5299504fc66f2cd03d4d86d6cbed

SHA256
7722a893c966b3c8e40f3983a2849918e60dfcdf045b8ccc15bcdf22cd98871a

SHA512
cdcd8181a1b9315856868052d4915e2b4bfc2e32e342b10ba78a5bcc4559a578406a5d8de055c86a1a013ff4c144d5af820393bd905812c40e694cde30bd2450

Download Submit
/usr/bin/eerddidpgc

Filesize
611KB

MD5
bda89726004531317cda4e12f47dc56b

SHA1
8b7c774f3100376510c8d800334911750c25e4a9

SHA256
eb570be8d0547a9f56de9a7bacd5e23a965bd5a7fe6673582198600f66883035

SHA512
c9c37d670919628eca0b2cfdfa5b0c1ab88aa37b230a06d232e4c84eea83189f57c1b831d362901afb15d0736e7cc815aa219cced731b6bc8dbf0cf51cf0d1e9

Download Submit
/usr/bin/ffyhtainky

Filesize
611KB

MD5
830b95e75c729f730e8809f4d96721fd

SHA1
123d026042362af26f06ce767880b3d983fbdd0f

SHA256
8579337c337b32ad6e8888a24f3afa8a2fc49834d2408f88250f28a5b72ced7b

SHA512
dddedbc6d7451ea151f2dc3cdb9990482f59a7c967faec415d8c821896132eb4d81fd7d6edba40d6edb450f71cb1881775325117dc70a70457a3b6491389646a

Download Submit
/usr/bin/fuzhjugbpa

Filesize
611KB

MD5
40929ba173729a4570ddf4d45328becf

SHA1
f810431768b5c7b0ce8fa8d50c2b10c4c7399755

SHA256
dc7c7e972eb3482fccdced1fe3a13e7a6d253720e8858e27b3be6c9c0ea5bb8b

SHA512
58bd92033af03c2e116d7955290ff6007f2aa16d29b901c925092060290aec654e8741ea48680ce2ddb5506deb8427c7b400cf3cc4e3163f3e065bc14183aac6

Download Submit
/usr/bin/gpctaweytd

Filesize
611KB

MD5
bc1db4d98006693c48a2315ed09adef3

SHA1
438bfb92015ae9da9ece4d6b7cb4abd501fd161f

SHA256
642899831f0865cbca2c2875b639dd5fc64fa23df18f9d4385d77354c14200fb

SHA512
0ecf89c75232b9f2318ec59586f3256fcec9bdbfc7a53b0c61dc00d6cb7771ad0ce2ed0ede2d9d76a82ff88942cf74bc8cba19178a5370a00448dfc40898b81a

Download Submit
/usr/bin/gvbuysxplr

Filesize
611KB

MD5
4db65b10affe95e046aa78fb90f39b5f

SHA1
40d6b2e0318de00b3b0d4912eec177594233306e

SHA256
6e378252f54d6a56c85c09edf25a98db4f09dd642ccbd1bdd7ae2606f395cd24

SHA512
f4fab0fb88b42edf6cdd25da66853c51bb380cba2412b4aa07c4a4568b03ba6bb3cc9e318d1654d48c24c09bf06dac2f9500ca7aa13307f5bfd25263bc7a642e

Download Submit
/usr/bin/hfnppykxpg

Filesize
611KB

MD5
3fc7dad6c330d7ce60fbf719ee7cb362

SHA1
789a9a851c952ec2d8003c779a49cb82ab6f2363

SHA256
036ca383eeab2c031abb22259cf15fa9775e0419a17cc8bc0069cd51f3428ca4

SHA512
1468edc5e7556ab10aca638a513e30cb00f0e6b8726d43c10c69f2ea3d7401f3b6767c358f187765b83f8a35ccc353f315d0f40101a8163c43e62b374fc081dd

Download Submit
/usr/bin/mdvjxdsgnz

Filesize
611KB

MD5
c5a77b1b69f1e44913b624bd290fbeb5

SHA1
680f556524f697aeb54176e760c92b0bb1a570e4

SHA256
2c4478cd486336fd43735c0eab595dd8577f5bcaa6d3962b14769754679d1639

SHA512
22235eefc8b029e5bf29ff13854feae294085bd3593b234096e237a17fbf9258e53f34115d20acc5c9d5c895d7156aed9118fe75f7532218b1fd8482f31b2084

Download Submit
/usr/bin/nmuwhldufr

Filesize
611KB

MD5
e08a0cf6b8990ad4a97d03c63d048424

SHA1
88294ded7c39b18e928fbdbbf53f34352675c6a4

SHA256
f20690a20a8bdc042259c316f09a053028df240b413614506d5792e57ada1914

SHA512
d1506f6b7570a63c8574e1d50a59c350c07d147e9a6b76b36166d2b0cf32042b7aa23849b3ddea08bde926b806893821c247724734c4d451cd91c924b60e442a

Download Submit
/usr/bin/ocxjskkqxp

Filesize
611KB

MD5
6ae75a928ac5babdb829ed6c105e9dd1

SHA1
edb2fe33ace54ce7d2d0089e2bcdf5e7e1af93c4

SHA256
b0c420ca70c9cd4f5acf2e956be22bd8179e9f60e2f8263ec4d420f4219dbf06

SHA512
252c367a41719f00ad7d1e653206512111bf79bb42d2e6d0cfb0d70a68405797d85d0ee62c36f57940fb60688b9b87d800b0883540ce4886b908a5d6388d329f

Download Submit
/usr/bin/oicrvuswun

Filesize
611KB

MD5
aad95509397e694e42f8fc29a72257f0

SHA1
b01934ca5027c2eaa9dd0e5421756fe53ccf3c47

SHA256
04d64a6d95872dca88a3c5b383496b91bb3b1783fa3dd00afacfa308a0b30c1c

SHA512
78ff86238370305b03d616d9f09de665c167fddfa0d3322b64ddf27f822b8ddcde714fded8c49908aeb814a98ac23cd84a38f8fcbcaa7fd3809cd7ce424cd14b

Download Submit
/usr/bin/qobieztrhv

Filesize
611KB

MD5
57ee49f1355cf8cd8c51aa5593463800

SHA1
a5fc0d6934091d3ff029ab2d2dc0e480ffae2244

SHA256
d36c5e3a801f309389eb4dc3e751cc301349c16bfeb231bc3720b069a3dd21f1

SHA512
e316f9dec019c771fee192057d0e782454d8f4d6e311c1674447600cf2b8779fe9b6b985f3059fc892bec190744f553499ed7ab7b680bebe451addd146a136d4

Download Submit
/usr/bin/qwrtlhcoib

Filesize
611KB

MD5
4e653268175df163047103e7559e88bb

SHA1
031e24001850f687fea59e9db7c62d151c60a7bd

SHA256
683413cc994f3d8751f6f6c6dc42d11c956f6a6c5d1c1748fc565fb5405b25f6

SHA512
e70ff5dfda2904d61d0b21c741f63d3f170decbef34038c2a658100ceb6fdd049a77437d87f0531a2f0366fab73c8226c68110427cf90188551cf46ec89239c4

Download Submit
/usr/bin/shvxdnlmpo

Filesize
611KB

MD5
1e9be7abf0f5ed22c77da144d83cc56f

SHA1
2f5cca523458058c53432c99cdfab46351657452

SHA256
2be4a5bb67eec30707c5dc5a4b47b49dcc053efbe626eaca541e16e5081e0c87

SHA512
06725282007adb9425afb9c84e433d11afafc4c54a98d7452d57957237941acab76008064975640b39161bb5b8dd0946352aeda840c13801a07a2e8bd4c60148

Download Submit
/usr/bin/skdbudrzwf

Filesize
611KB

MD5
51723f46cc628722f43ebc22c7a2e5b8

SHA1
25f768b2dd8b3b49091ddbf09f613095ebd31c64

SHA256
5cf52865108f586dee5b72bfe50e6e2acbb3b41316a36ec5f8c0b5d044e65c38

SHA512
99014fbca4acd6a9ce5bb15f1af482478e2f81128d65a7efe63b2e5b589c699900884c6c7772c07325ec94345ed27cef8f03fd9a5670ef65f8a1b2e6204ebe90

Download Submit
/usr/bin/tejledvkrw

Filesize
611KB

MD5
eeb8ba178118ef8186aa811b83f5aafb

SHA1
4190eb2db79b79a52a44a0daf0ffb86682a49e58

SHA256
b27759efe6c9e409589d166b6375bd9f6be6837c698794d86e01a71244c435db

SHA512
044310d0d4ed55053d21135375c2d09b3ec4069e60ddcb99173e7b746939305458b3a40f604b09088d80edb9cc0bcc2d8bcf6caf1269182f8eb8d261a0dcfc46

Download Submit
/usr/bin/thaahkrwgz

Filesize
611KB

MD5
40de63109e738385c5a52509eba19e34

SHA1
d3939e9ceb147383b5f8cb3b6751aa5bc144efd4

SHA256
d39f86f6635779a1ffcb5cb7b8876851d0c5391b652e5d060bb3cfcebe71e52c

SHA512
3f1beb9bca8d0edb30d340e40713fa8b2554ecb396370f10dfffe6257a45ee9163bbb688e88575a6b13cdd071e781d262b1842a4adf886cb36031402538105f8

Download Submit
/usr/bin/tiemcuupgp

Filesize
611KB

MD5
fec1bec8b9e48f473392a8cd9d420cb7

SHA1
eb9ee24a2a4c4982fc84bbf5eec9ea5155d83a34

SHA256
707450fdc90eef51f50f46e5585443d06d6bf9931eb7b4d732cf77d89e309271

SHA512
48f0b1f065d49fa4aa45c7befef339f18e4f8e8306e9048b6a2ec484921d9e8dfc6ba6fbd82f74388d0467627fbb111d7ff4a71e496582b9c4b469bd0146057a

Download Submit
/usr/bin/ubzhgwjbbb

Filesize
611KB

MD5
ca594a9d23cdb5cc0960f334739fa023

SHA1
9506953df9c23ff5aacdd52711685f2bf6291abe

SHA256
cb079bda5c4388913c1950075e2f4c1c19c845403b7f86badfb88595ae345fb7

SHA512
b0bc9efdd802d3010a44b08db3dbfe2d64d0115dfa60e1ee5d104f0a6df5bd326a38588ff2d2bb4724e968af098c813a94df1900877b0320cf4d7219883690dd

Download Submit
/usr/bin/ufiyqzgwut

Filesize
611KB

MD5
113bf9cf98fa6f06ff09dd407e66285a

SHA1
d1d56566377de5a6dfc3fb396c151db87469dc73

SHA256
fed6a6a61164916d8ad6767e8d44cb1f213101506300938b55e6b326f5c8a4c6

SHA512
364255bdc3a65b59d93c76cc4cb032df4cbb0bc636f315956fe81c13fc02ebce9c2db9f4e2313b331613b18c7587087380e010264bf0fa67545b2412fdd61ee5

Download Submit
/usr/bin/vepcnsawqi

Filesize
611KB

MD5
f4ce4b5ad665fea17d280aec9b5b3f8c

SHA1
87ab93e52f3ae46d0c172889e9e0b7ab25b18feb

SHA256
655e2eb2680a6f63aa8563ba122b07a86a4e97561bdb5de4469b446ed603cc58

SHA512
fc53dfdf1aeac1068a237c4d911cf326fc43ed7c1ba9d89746d678da9b18ada1651eeafc646a37dea9ca2857797e8d041237292dd123f2582846537255f8c1d4

Download Submit
/usr/bin/vzwpdwbqib

Filesize
611KB

MD5
a738f7b92988f31e7876968d61948c94

SHA1
f1ad878ad361d76fd92ad0bebc42ae38116395f1

SHA256
275fc69c744085c69dcbeb57b9223010067043e4594ff2399057327429bdb687

SHA512
2e2f56328888ea524aed45c2df3bf963bfb713d6012b3f4f8dd756a0b82aa9970434ff8fe6a4dcdb6383fd4aacefd14b0c9baf0666e842be1939f1cdbb1d51c7

Download Submit
/usr/bin/warttluggg

Filesize
611KB

MD5
efaed4abc3f01a906e89de7345ab03de

SHA1
1e004a912aae10e5072e07d15cf3dfba27a067bc

SHA256
06dfc80a31588aa6ddb06e3028419d084b4af3048d054d7ce0d1fc5b4e71ecbb

SHA512
31332a5c99a6b44935581eadea24e3a740bf3e80f5215951e4e5a211c76f12acb7a18e57ec73ba4a47baac2ca8d36f2674a417cc22459612d87b793c2bc02b1e

Download Submit
/usr/bin/wjjhbwqtat

Filesize
611KB

MD5
4b8168de57795036dade3590f00f7bca

SHA1
743593a40c2e75428e3bccf7625ab579a19021a2

SHA256
324a7b2fe36c8438c31658dbd48d212cce0cdd25b5da355aec9aba20b566e79c

SHA512
a0119a11d388c6022a9e799ad568492f77216bd878a9c84b4e89fc1337d585a2c5e86a5f1889cf26fe65ab920ebc472a4866900a6688ff2fe002e23ee08d492a

Download Submit
/usr/bin/yaxekhdphn

Filesize
611KB

MD5
6983988a9f1b2f78be09c7dd3979c2fb

SHA1
b24c0ad317d55b17cdd1f1c3e2e9153b8fcc48e2

SHA256
ae70efbcb9fccacdba2faaab161fd8598bf67cfdbe86fe708105645ff6a2e348

SHA512
4d48cf94fae5be71aa3afae854a57a9195d4336d8527ab2b9fca3efaa755816c86bfb4f7483101e5a5c1c5cd8e33168f2a751e71ad300df63d08ac0074770bb3

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
757b89c6cc5a910c11a555a381684e55

SHA1
5cd2b55e20d10dd6bdd9bd972aad67ef7544d4ce

SHA256
46b79608c9a603c1f0046b0952f080b6cce855320a80bb6db4155a26ab0fd5f0

SHA512
0a9ecca06f87e403e7170dcb3fa275547139f9ee4b253efdd96f01d2d806b49d78a1ebf8bf420c156d9cbf74dc652c180b6591de2c5f34d5902f0e64cf45bd1f

Download Submit