General

  • Target

    79bcd3bc33b21283428502db3e971e22_JaffaCakes118

  • Size

    611KB

  • Sample

    240730-x5d82sygje

  • MD5

    79bcd3bc33b21283428502db3e971e22

  • SHA1

    e28fc2960e5836bd1887904c012b0bce5fdd7912

  • SHA256

    20a8f8c205ff6e616dd7025fb9a51be5bf2bedac3f050ef53703af2137376314

  • SHA512

    3cc4cd1684a1a8ed3c2b767c12b3c22be52e47d09d6009e61dbf52b3263eac74ee9a3ce12b76f5917db18984cc3342b707224a22e22ae287e99c355c394b9d98

  • SSDEEP

    12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrkT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNkBVEBl/91h

Malware Config

Extracted

Family

xorddos

C2

http://www.gzcfr5axf6.com/config.rar

ww.dnstells.com:23

ww.gzcfr5axf6.com:23

ww.gzcfr5axf7.com:23

Attributes
  • crc_polynomial

    EDB88320

  • xor.plain
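The extractor reports the CRC polynomial (EDB88320, the reflected form used by CRC-32/ISO-HDLC and zlib) and an XOR key attribute, plus a C2 list of one HTTP URL and three host:port pairs. The block below is an added example, not the report's or the sandbox's own code: it implements the table-driven reflected CRC-32 for that polynomial and cross-checks it against zlib, decodes repeating-key XOR data, and turns the C2 list into host/port indicators that can be matched against log lines. The XOR key and the log lines are constructed placeholders (the report leaves xor.plain without a value), and the "ww." hostnames are kept exactly as the extractor reports them.

```python
"""Added example for the XorDDoS config above: reflected CRC-32 with the
reported polynomial, repeating-key XOR decoding, and C2 list -> IOC matching.
DEMO_KEY and SAMPLE_LOG are constructed placeholders, not data from the report."""
import zlib
from urllib.parse import urlsplit

CRC_POLY = 0xEDB88320  # polynomial reported by the config extractor (reflected form)


def make_crc_table(poly: int = CRC_POLY) -> list:
    """Build the 256-entry lookup table for a reflected (LSB-first) CRC-32."""
    table = []
    for i in range(256):
        c = i
        for _ in range(8):
            c = (c >> 1) ^ poly if c & 1 else c >> 1
        table.append(c)
    return table


_TABLE = make_crc_table()


def crc32_reflected(data: bytes) -> int:
    """CRC-32 with init 0xFFFFFFFF and final XOR, i.e. CRC-32/ISO-HDLC."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def crc_matches_zlib(data: bytes) -> bool:
    """zlib.crc32 uses the same polynomial, so it cross-checks the table."""
    return crc32_reflected(data) == zlib.crc32(data)


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so the same call encodes and decodes."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


DEMO_KEY = b"PLACEHOLDER-KEY"  # constructed; the report records no value for xor.plain

C2_ENTRIES = [  # copied from the extracted config, hostnames as the extractor reports them
    "http://www.gzcfr5axf6.com/config.rar",
    "ww.dnstells.com:23",
    "ww.gzcfr5axf6.com:23",
    "ww.gzcfr5axf7.com:23",
]


def parse_c2(entry: str) -> tuple:
    """Normalise a C2 entry to (host, port, kind): URL or bare host:port."""
    if "://" in entry:
        u = urlsplit(entry)
        port = u.port or {"http": 80, "https": 443}.get(u.scheme, 0)
        return (u.hostname, port, u.scheme)
    host, _, port = entry.rpartition(":")
    return (host, int(port), "tcp")


def c2_hosts(entries=C2_ENTRIES) -> set:
    """Set of C2 hostnames, the indicator most useful against DNS/proxy logs."""
    return {parse_c2(e)[0] for e in entries}


def find_c2_hits(log_lines, entries=C2_ENTRIES) -> list:
    """Return (line_no, host) for every log line mentioning a configured C2 host."""
    hosts = c2_hosts(entries)
    hits = []
    for n, line in enumerate(log_lines, 1):
        for tok in line.replace(":", " ").split():
            if tok.lower() in hosts:
                hits.append((n, tok.lower()))
    return hits


# Constructed DNS/connection log lines (not from the report)
SAMPLE_LOG = [
    "10.0.0.5 query A ww.dnstells.com",
    "10.0.0.5 query A example.org",
    "10.0.0.7 connect ww.gzcfr5axf7.com:23",
]

if __name__ == "__main__":
    print(f"crc32('123456789') = {crc32_reflected(b'123456789'):08x}")
    print(find_c2_hits(SAMPLE_LOG))
```

Run as a script it prints the standard CRC-32 check value (cbf43926) and the two constructed log lines that name a configured C2 host; to use it against a real key, replace DEMO_KEY with the xor.plain value once the extractor reports one.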

Targets

    • Target

      79bcd3bc33b21283428502db3e971e22_JaffaCakes118

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

MITRE ATT&CK Matrix

Tasks