General

  • Target: 8ba5afdd3b19b7a6f7c94332472d6688_JaffaCakes118
  • Size: 611KB
  • Sample: 240811-xzzmsstelr
  • MD5: 8ba5afdd3b19b7a6f7c94332472d6688
  • SHA1: 0d25545b1153eeefe48aa9bc370523c86269b88e
  • SHA256: e08910543e9be6e2f415f4bc61fcb5e6e54b87b1b5fe982959116a7aced8e2ca
  • SHA512: a05ccd44190368c1938a3decf5172d3a09071e97d36266481496e444b5f84978d56465738a41da562ba22b2fdeaf14439b8b79a03f8650476dedb64f74404a53
  • SSDEEP: 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr4T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN4BVEBl/91h

Malware Config

Extracted

Family

xorddos

C2

http://www.gzcfr5axf6.com/config.rar

bbb.wordpressau.com:3009

Attributes
  • crc_polynomial: EDB88320
  • xor.plain

Targets

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Executes dropped EXE

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

MITRE ATT&CK Enterprise v15

Tasks