xorddos | fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34

Analysis

max time kernel
149s
max time network
155s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
09-08-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118
Size

611KB
MD5

83eea5625ca2affd3e841d3b374e88eb
SHA1

dca946f677a1be95fb3ef6adc950730b4736a405
SHA256

fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34
SHA512

a856a78004812a5aa75f52ecaa3690d5edfc98179b4c34f23434cd9d60e0a0ea7dc6e3ab30e311f7da088267de026552155c9a46cc3c3dda99544e67969e3a1c
SSDEEP

12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Tipx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhpfNiGQl/91h

Score

10^/10

xorddos botnet downloader rootkit

Malware Config

Extracted

Family

xorddos

http://aa.hostasa.org/game.rar

ns3.hostasa.org:3310

ns4.hostasa.org:3310

ns1.hostasa.org:3310

ns2.hostasa.org:3310

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 30 IoCs

Processes:

resource	yara_rule
/usr/lib/libudev.so	family_xorddos
/usr/bin/dpcoxltqfc	family_xorddos
/usr/bin/smvoxwpcrg	family_xorddos
/usr/bin/agjlhfjdjn	family_xorddos
/usr/bin/tgxpmqgytp	family_xorddos
/usr/bin/nykiqzalwv	family_xorddos
/usr/bin/snwmtbtity	family_xorddos
/usr/bin/auhlkpxmls	family_xorddos
/usr/bin/fabislrrfg	family_xorddos
/usr/bin/lwxgsphaau	family_xorddos
/usr/bin/yigvbkoqhx	family_xorddos
/usr/bin/oyoxuwooca	family_xorddos
/usr/bin/pbnzxexebl	family_xorddos
/usr/bin/lurvvgvfdy	family_xorddos
/usr/bin/jdbcwvfilq	family_xorddos
/usr/bin/rizkqoyxsd	family_xorddos
/usr/bin/vgjhevhswx	family_xorddos
/usr/bin/ecioqomloi	family_xorddos
/usr/bin/vxkcrzjywx	family_xorddos
/usr/bin/goveqbdfaq	family_xorddos
/usr/bin/zikjwuvxpj	family_xorddos
/usr/bin/lxuwlvmwum	family_xorddos
/usr/bin/eaxtzutmry	family_xorddos
/usr/bin/tnnlqlzrhc	family_xorddos
/usr/bin/tpkvarqqws	family_xorddos
/usr/bin/lfjcyhpgek	family_xorddos
/usr/bin/mmcpjklxju	family_xorddos
/usr/bin/lmrvkbmtqh	family_xorddos
/usr/bin/lokghnwfes	family_xorddos
/usr/bin/mguvhwquxe	family_xorddos

Writes memory of remote process 2 IoCs

Processes:

83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118

pid process

2821 83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118
2834

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

Processes:

83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118

pid	process
2821	83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118
2822
2828
2822
2822
2835
2834
2822
2822
2834
2834
2837
2834
2834
2834
2834
2834
2834
2822
2834
2834
2822
2842
2846
2844
2848
2850
2851
2852
2853
2854
2855
2834
2834
2822
2822
2851
2851
2852
2852
2853
2853
2854
2854
2855
2855
2834
2834
2851
2851
2852
2852
2853
2853
2854
2854
2855
2855
2834
2834
2851
2851
2852
2852

/tmp/83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118
/tmp/83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
PID:2821

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/83eea5625ca2affd3e841d3b374e88eb_JaffaCakes118

Filesize
495B

MD5
1a8bb30fae1b3ec7590baee1efd525f1

SHA1
5eb9be82ea30cfeb1f2d9d411d5f3b4257852e4b

SHA256
9719397e7f8592fc73bd26cee1e630341266255a56190c5b39a8f6432a6b4650

SHA512
577171cee878e3fa28b3a7db61cbb93992fee1246f72932b1e2a25ba6d905774c770ece209009ff192a28eb3c6309b6dece695f42bc034ab4a43f5a2a06e14ea

Download Submit
/run/gcc.pid

Filesize
32B

MD5
d7fff7c84f642c869be3273c1c8b276f

SHA1
904a243145b3bb235f1d8f4737d94c8cd9fd477c

SHA256
5d8f0bc9c6fda51af59a2622966a91c2bc156d9328e598aef7a7e12efa2784ba

SHA512
4ee56ee4dad0cb2650d10b1591ecdccd789ce7e6f89c0b6bb3cdeba034b1fb84f682534955b3733f8b3a16b25b16747cdd40a967f455b3a495c37b97760810d4

Download Submit
/usr/bin/agjlhfjdjn

Filesize
611KB

MD5
045d1ec0506e1134a86a0b6a7fe39c60

SHA1
2af4f1be6cf91f774bb5accd9e92c8d6dda93544

SHA256
981a91c85701e1e2041b0d2001189aa60c85d29d8d6f28df92a9dd5f872aac52

SHA512
0f62437e383d80e8bad480441cc23a8ee5c7d9b7aeec9d1ae9ca520b286f79bbf1efc4d3e422bb2a4fe97a98d26d3b7a62e44b6af3e5802edc96521b75551f24

Download Submit
/usr/bin/auhlkpxmls

Filesize
611KB

MD5
549fd603e2e842e4c88737a5e08f6e39

SHA1
9ff098fa45ffafdec6192fa979decebe49e0f1bb

SHA256
816c254489ac121036881bf7124dfd26def7afae7a615ae63471102adfe78204

SHA512
26a3df6281f447c50b889f32ef22f3040bdbe1fc69602cdb898ce60dccd843ae43b15721c3fef6b0cdf2538eafeaa6fca7e99dc8749d00c66ff9122dc388de97

Download Submit
/usr/bin/dpcoxltqfc

Filesize
611KB

MD5
dfcb03ad08edaf670940b0b296d7b083

SHA1
54c1c3a494416a53454b784c8d7fd233e3f2d961

SHA256
d391d55871ec4c774ac6909848b4d841a3e8e36aae61f1578adba0b38ad6aaa1

SHA512
0fe58b6c8192336171cef4444ded405c050740d8a49d6d43891fbdd4962de0d2c1565b55d2e6017eb851ef239e072dfaf4930358cb27064a46a1d73ca465386e

Download Submit
/usr/bin/eaxtzutmry

Filesize
611KB

MD5
df81aba8abfba93f4491d5c978fef867

SHA1
9393c4a7a5d954c057e7b3ed4fc97968201c15ed

SHA256
dcca27ed0e32f5105d35c87a1c89ba9b0c254446dd5fcdce2d1100c8dcee6919

SHA512
20a8391c244dcbae44aae5ac2c5ad59ec0f9459bd8ac2131d5bd4cf6fea29fcac5d615efb48db219981e3d67e69771ef6e51effe0b7481d72766fc0e9016a4ad

Download Submit
/usr/bin/ecioqomloi

Filesize
611KB

MD5
62d1367806a5ec754c3bd791cdd911b5

SHA1
467ef3e638edc7ab48caf9dd593c4ef004ca1733

SHA256
7960e75ebe2123543416cc56ada2e881785421457fba7f6e63090b1d67ca37df

SHA512
202cc5d78ba6710c8441403922a855411873639223a69ef9def094dc493fe0d02591ff234689f3eb2ef035924b666e1ee69fd88ae6fb1da456590dc3c43ddfa9

Download Submit
/usr/bin/fabislrrfg

Filesize
611KB

MD5
f16580f22a3f4fdff1179da8d8716434

SHA1
c2a4fefed884c2958131c82fc5d59b3fb67c385e

SHA256
3d9e93a245158724eba7356e09e69b805db002b0e1a0ea13e46fdf4cfcafd83d

SHA512
11e7f1105ba932f60d0f3aa2225d4e311a3704838b6cc2876d2d60e78ae97de6702a42d32846b033b5985ba74399ebd0e1459f0424fb32b187c38382191fd90b

Download Submit
/usr/bin/goveqbdfaq

Filesize
611KB

MD5
5adfd0084f8abb9249f0152b1abe637d

SHA1
07c8ed642a3bb3b0d1620a498d37a2be68082966

SHA256
e1675453f3d8b9652e28c0c6e22b83cce7aca0d8e352b31326984cf7514f2840

SHA512
a5224aab482423eae91e460e81dc4971a9f8a81967297a57c7ac5787be394e41777ccd62b321cf7e7b8dfbb74391ebd489a0d93151bcf346387d10a1647f18eb

Download Submit
/usr/bin/jdbcwvfilq

Filesize
611KB

MD5
cd3dc00d6bd9e6ebd9c6af96afd565c1

SHA1
f56c08d299ed00d27f3aa5aa3cab46469d5140ff

SHA256
695c698b7451aa015193e665ef5e56a2a9f8126a229d5ab97009b2dfadc46ad8

SHA512
a21de14316bf57f2850cb6c57b3cc3fe32c39e3934c5a2e97248b5da9f336e2b2264b6fa900185261995ad8a6b9e342235d1d2f44ddf7dbcfd1e1346d278ba6b

Download Submit
/usr/bin/lfjcyhpgek

Filesize
611KB

MD5
64fdc168616c0b2b3c46827074e41291

SHA1
09ca746b8f9f23891e59720617e4866a5b1ba382

SHA256
4b21c999e7c41347433aa136f5e6d4ce6aec33eeffb5f7206e66bd56547cee73

SHA512
c0e373db63c5b9f3365ad1585543881fc932e52c75e151284fd9a0d83689f31cd2d1a5613faca39b04b01271e4b1d9ad524760cea0095342521d4c37aac7ffc7

Download Submit
/usr/bin/lmrvkbmtqh

Filesize
611KB

MD5
492490471d61a60e26834ed901d4fe9f

SHA1
2c15575ab7939a7cc8ebc937e4c4060db12f60fd

SHA256
03815b909c2c296748a883ae9945d664342dd84049964d7180d83144c936eade

SHA512
415a82f5dd2f1a810fe010d8cb3893cf8961c9d3d1e54e7e58ab43429330e2cf229c3f612490bbe0da81dc9b8668d22df9c9f4bdb300986daf492210fe0dbc4f

Download Submit
/usr/bin/lokghnwfes

Filesize
611KB

MD5
e6e55a1728be1806ad04247ca581936d

SHA1
eb1225acee7afc26757eae1dc200c0b441a9f2f9

SHA256
7fbbc7443c71f6c824cc15d89e9d37ebe01ad0b6c0abf0e9188be323ab432c57

SHA512
520b17b9646bffa198bb018f9dc6541b373f7055931bad8f1647eec6d5a60c65454706d7ff263524c16a6592cafd0cf0dc800a5fc43d71e34cc40794cc1a6fd2

Download Submit
/usr/bin/lurvvgvfdy

Filesize
611KB

MD5
e75c5d0eec0bf5a1892e3046242a42ec

SHA1
e5fcab449ffe633b79675effd1db14a55edb3c84

SHA256
49d6fdb6ce99c827c98be054341917e4d38607c4cce00786dd142716c67d1c3c

SHA512
c7a19d6cade43b3eaaa0e17cafbb66ebb86a508bf1363c9931fdae9b605f3edb094e54f6fde55ae1b129150735f212eb1d5908547375a742a0f365f62777dab7

Download Submit
/usr/bin/lwxgsphaau

Filesize
611KB

MD5
4ca888273d33c2bdb56e7be1d4f7194a

SHA1
d0315d443194ea018958bbbf378b1554a5418e33

SHA256
5b89e926c2bce36cbc9c75f8f2c5f6aff95709ce1c0943a32d4d64e5b4983208

SHA512
27daab7448af504c8d1f4ee226b2586873185f7b78c2add08b6fe9cbdf5c78f0dfab890272724e392f08a67ad4f8299e265d95a4b797490fd8cbfdac462ebaa9

Download Submit
/usr/bin/lxuwlvmwum

Filesize
611KB

MD5
c746fd9c1f9e3dc4a5236f14fbe48e58

SHA1
62fc7f7c60438b807b741f20232bfadb81707705

SHA256
66105c677aa0e4c8a3b52890807b3f5135c03a1127239f6e983f0697fe0abc4b

SHA512
705f0a65ddb4bc30198be0b3ad1a7c56ce54e60a243e8ba61cbbcdab587713fc29533607c64d59a21d09f947eb3ecb9413c39b273de030d4078577c18434b0b9

Download Submit
/usr/bin/mguvhwquxe

Filesize
611KB

MD5
38f92a9adae724f27ee9e5c0ecc8e1ee

SHA1
c0845497f00c4c3a0d233767e6e636d682fae43d

SHA256
69c51e6ff2bbec0c1880a0cd135e974ea09cca3abc0b6f704d9e6619295d884f

SHA512
8ad55c13b7132e42400231d927a71f0f50daae9e58d9a7ff58ed63fefe24a5fffcb158055f16c952c6a0c42506cb462c6278068cd396014f660d05ac05d03c3b

Download Submit
/usr/bin/mmcpjklxju

Filesize
611KB

MD5
c4bfb126bc9bb6d922643cce3eefdb7a

SHA1
6f3b3fc89475a1ec41e48409bd8f5ad0742a3a9b

SHA256
ca998e0e6ddd73dcd488904651bf2d2ed7d1e4f63327047cdd645efc49f63b2b

SHA512
7f5d573b574993e1aac3de35ba4d80df73ce880d3f0d2c507d7e182cdb4de7849033089390b4882b3dccba65e88d49471e5309adb2efbf8210b8ce5f15f5f6a5

Download Submit
/usr/bin/nykiqzalwv

Filesize
611KB

MD5
c0aededa891ef2e73923b457147e0d3a

SHA1
36df4f4abc2722487df399bbac8cc94361204716

SHA256
ab105f62c746af6b54066951fb2cb1068da88d3c073bd77055572c47acae10ad

SHA512
3d7017528f1ccf17bd3ad075ecb9fd2247ecee57b7e0d738d31ea76700fb0c8b00dde610b97b104859af6d3c343a5c0538069de2702b199169397064b98e7f23

Download Submit
/usr/bin/oyoxuwooca

Filesize
611KB

MD5
16b2032527585e80b5afbbdd7189c1f7

SHA1
5a545397d24f43e71a0ecead907a0c9a6e0658ad

SHA256
2e8dd506075ea1059abcaf2b0f5b0ce940ca56f2307a0c0339a8d35d899e1862

SHA512
ed94a0231651197a0ebf1d13696ebe9dfe80305276db7d68f3aed63d8ba8b6f0a975678bc776e09c9174b3693aa5d20c47f74d1ef52e618c4e9784914c71f7f4

Download Submit
/usr/bin/pbnzxexebl

Filesize
611KB

MD5
5f642f79865aa321e367efe1f73d500f

SHA1
95ca9f648e000ff5975b9e84a5e73a69f2e6c512

SHA256
c09b1731a152c5f4f5bf9255deabdab1bc7d00a3564d411715d0cb7a74b29d08

SHA512
20ce8eff3df8c2935738be3f0e3c042e969b492365f7573df4d0adf0483827a5d5f03eef6df8e99a7c53648d77ba9bb66ef92abe196f47180e12194461946cd9

Download Submit
/usr/bin/rizkqoyxsd

Filesize
611KB

MD5
3164e2dfadce83d18a7fef1f1bbeab04

SHA1
a2d1e02565249e0ab9906b1d0ddf49f3fcc37dd1

SHA256
da6c882b246e38cd4537cf33dc6a0fbf19cc47a3f3a3cb7e99ea292aa80d0d65

SHA512
c3accee67412455aeda57f751dd8f8edcb25f6ff7f18267e44b59e7e47baca5725eb867ca4d2e413001599fd14f50be758606ed1971e5891609b19e255f88e34

Download Submit
/usr/bin/smvoxwpcrg

Filesize
611KB

MD5
0c842d844644a4ada8a5f84714f1c5e7

SHA1
ffe9368cdfa224c6155a4e19dafaa1e940b5bde2

SHA256
18cabc381139e2b385f6dec878f3b13c87e9e98a9a49cc7e9b037d7b07be3e4c

SHA512
8d609e79c45fc20988f0f4bc77eacc69ed59d5bad3f679ed6db13f99a803717adfd2e1d0c9d0c06853f0368f84a84f220b2b980b2104c38426e8a649e0582d2e

Download Submit
/usr/bin/snwmtbtity

Filesize
611KB

MD5
88848c852311f2f475a77ee68bddad5a

SHA1
b16b4bd9d01777dfe8a2f5a0282664f2f59e60f0

SHA256
842668ada9592207caf48db46f47cdb93ee1173b43cea91249f29a33e9bdf44b

SHA512
410661f071e9844ffa0de3fb3361a12c9de7f43347b0c5503fbe3eab5beafcfeb4d6930f69ee4a522a7917e78aa6f71a197b78b08f928f12ab0204b2df22aeb7

Download Submit
/usr/bin/tgxpmqgytp

Filesize
611KB

MD5
3bf1655d89c8ae5857d50aa5d54ddc7b

SHA1
a436c3912e196890fd6e07c71e009369e7452411

SHA256
008eb42e71b5c70eb7185aa84745abd624631dbd646049cba409f7164ae2b13f

SHA512
f354bbc275606e037fe5e942f595ad00f5ebcb7467739a723e44ac0503efc9ec8214a4a73555b1821af6909ae257bd006e79b9d7b2dd659ce4143139f911e514

Download Submit
/usr/bin/tnnlqlzrhc

Filesize
611KB

MD5
ff48cd3640df535817cdab11ec131372

SHA1
780357499599c4566f67c6686814df4207cf40cf

SHA256
6103df9ba22f400ea76ffe7d6b06f90c221b9f7c2c1c8067c428667962d5c020

SHA512
68c505c2f44dc122bbfcf7f8479ca1ee7277fea67a4624d24eb9a2423ecc2ce83991809f9c6ca0a558d92680093cb2c0ab46cd45f0662c9892e7e2119c7f2aad

Download Submit
/usr/bin/tpkvarqqws

Filesize
611KB

MD5
e7d5a60c8d4987901beca272eb81f004

SHA1
f4b5b602d5a788a51a6d04c2327d427457c1cbcb

SHA256
475d81c7eff1b31bf3aa51e8b3e89e262d66b774272b4067afd14e2514440913

SHA512
97e32d98d6a5e64a0f12849a27ab6e147ee7b0495fdab6ad1d18bba77a6a6e32294c4e53190ae0506b6bb4b615a3d43919cfb3f65278631847ec4466b2d95341

Download Submit
/usr/bin/vgjhevhswx

Filesize
611KB

MD5
b2ccf599070bc5903810e0de183c31f9

SHA1
dcf774d11e2a6b04786d9c8f795edb605797ed46

SHA256
472a37df31884bcb6e70640df73f555ba9d98a52e8308a1b6a6d5124dfc1a378

SHA512
f21f5210b361900c6f73f73f36f2e80a7c17b94a1cf80501bea4af049fdaae10bdf6c45b2e765e267ac2df8827eb23abc29b218db739a8ab9286fa91a26a9de5

Download Submit
/usr/bin/vxkcrzjywx

Filesize
611KB

MD5
3d5fa414b3c6cd199f96b050b27f3888

SHA1
5142035d9bf70ee4b69405995d973beb397e8df9

SHA256
15229e431d6d974bfb3a019db2aaccbe72b79e765256a08f08ce35d6d6474ea6

SHA512
753e25cdf33d9752ef6ee17af090f2814a37d558119b05b8223ca24883e8559bf362a1c4809c7c9f80127c524017a920e10322b21561b09eee8c657ebc59bec5

Download Submit
/usr/bin/yigvbkoqhx

Filesize
611KB

MD5
fbdb49f43228d285191c056a37cd49e9

SHA1
094b0f515a6bf5dc4041c11bdd7a0f6d8342ea15

SHA256
6efe700a3c3f34fc39d5abfaa1dec890d22f65c65046650e89ed46a834cd0a08

SHA512
67b4c49cbb9d71d694593a9a6549eb7c6b87c132ed823bc502ca15b8986265527cc30a7ef4c719b95533d1796142a3c4eda67b1afa5e55473bb3ee61b7076865

Download Submit
/usr/bin/zikjwuvxpj

Filesize
611KB

MD5
189894cedd6617af118226d88aaf4c1b

SHA1
8c565db17916b9c273752beb26a0fad19024875c

SHA256
f29c0f9f5d20e65eddd7596c68f0a438cda5ef11648a57d7d58d8dde131cfd78

SHA512
115fe94b4a74f6b2b93c1453b938f3e4387ba7a5c6b140a51c7cbf3be64171f3824493eeff34b7f4466f90136b661e28b91656ab48b18a977c9022d16af44985

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
83eea5625ca2affd3e841d3b374e88eb

SHA1
dca946f677a1be95fb3ef6adc950730b4736a405

SHA256
fd6060b963d1b5ca7a07b5a283ad99105298a6708e44d286440a506738a17e34

SHA512
a856a78004812a5aa75f52ecaa3690d5edfc98179b4c34f23434cd9d60e0a0ea7dc6e3ab30e311f7da088267de026552155c9a46cc3c3dda99544e67969e3a1c

Download Submit