General
-
Target
84bcefccce52f403231a3a6cffc26836_JaffaCakes118
-
Size
611KB
-
Sample
240810-emxzbsygkf
-
MD5
84bcefccce52f403231a3a6cffc26836
-
SHA1
38334ee929da899adf2cf6ce65dec8ebaa94cd64
-
SHA256
8e0feb43f2137013fbbe42258dcc118104f9237cf41bfa52d342211ac823fad2
-
SHA512
8557351e21cc978ab172f49931cb5ff7d9b51ea301cd1727c513990282fa37baf06ebc3094de6966ea6e755d98003348b2775ef9b425233447d58ecfb445669e
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr1T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN1BVEBl/91h
Malware Config
Extracted
xorddos
http://www.s9xk32c.com/config.rar
ww.s9xk32c.com:3306
ww.s9xk32a.com:3306
ww.s9xk32b.com:3306
-
crc_polynomial
EDB88320
Targets
-
-
Target
84bcefccce52f403231a3a6cffc26836_JaffaCakes118
-
Size
611KB
-
MD5
84bcefccce52f403231a3a6cffc26836
-
SHA1
38334ee929da899adf2cf6ce65dec8ebaa94cd64
-
SHA256
8e0feb43f2137013fbbe42258dcc118104f9237cf41bfa52d342211ac823fad2
-
SHA512
8557351e21cc978ab172f49931cb5ff7d9b51ea301cd1727c513990282fa37baf06ebc3094de6966ea6e755d98003348b2775ef9b425233447d58ecfb445669e
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr1T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN1BVEBl/91h
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-