xorddos | b5af6310e833e227562ece7d24dbb628a7717b91a0cb67ec2036dd1776fb1b45

Analysis

max time kernel
149s
max time network
151s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
15-08-2024 12:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

9a15e92854143e58f3adf74cc9956042_JaffaCakes118
Size

611KB
MD5

9a15e92854143e58f3adf74cc9956042
SHA1

a6821803ff1dcb7ea567f67dbf5ac9f878dada48
SHA256

b5af6310e833e227562ece7d24dbb628a7717b91a0cb67ec2036dd1776fb1b45
SHA512

78cdd01c9b4cf5f30a4c2f5a2e2b1093de2805ef90f9e34051f2ad18145fa2e57e1d795b51a557b706b44f77ac93b6b462e2b53411df41baff7aee311e120c35
SSDEEP

12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr+T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN+BVEBl/91h

Score

10^/10

xorddos botnet downloader rootkit

Malware Config

Extracted

Family

xorddos

http://www.s9xk32c.com/config.rar

ww.s9xk32c.com:23

ww.s9xk32a.com:23

ww.s9xk32b.com:23

Attributes

crc_polynomial
EDB88320

xor.plain

Signatures

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
botnet downloader xorddos

XorDDoS payload 31 IoCs

resource	yara_rule
behavioral1/files/fstream-4.dat	family_xorddos
behavioral1/files/fstream-5.dat	family_xorddos
behavioral1/files/fstream-6.dat	family_xorddos
behavioral1/files/fstream-7.dat	family_xorddos
behavioral1/files/fstream-8.dat	family_xorddos
behavioral1/files/fstream-9.dat	family_xorddos
behavioral1/files/fstream-10.dat	family_xorddos
behavioral1/files/fstream-11.dat	family_xorddos
behavioral1/files/fstream-12.dat	family_xorddos
behavioral1/files/fstream-13.dat	family_xorddos
behavioral1/files/fstream-14.dat	family_xorddos
behavioral1/files/fstream-15.dat	family_xorddos
behavioral1/files/fstream-16.dat	family_xorddos
behavioral1/files/fstream-17.dat	family_xorddos
behavioral1/files/fstream-18.dat	family_xorddos
behavioral1/files/fstream-19.dat	family_xorddos
behavioral1/files/fstream-20.dat	family_xorddos
behavioral1/files/fstream-21.dat	family_xorddos
behavioral1/files/fstream-22.dat	family_xorddos
behavioral1/files/fstream-23.dat	family_xorddos
behavioral1/files/fstream-24.dat	family_xorddos
behavioral1/files/fstream-25.dat	family_xorddos
behavioral1/files/fstream-26.dat	family_xorddos
behavioral1/files/fstream-27.dat	family_xorddos
behavioral1/files/fstream-28.dat	family_xorddos
behavioral1/files/fstream-29.dat	family_xorddos
behavioral1/files/fstream-30.dat	family_xorddos
behavioral1/files/fstream-31.dat	family_xorddos
behavioral1/files/fstream-32.dat	family_xorddos
behavioral1/files/fstream-33.dat	family_xorddos
behavioral1/files/fstream-34.dat	family_xorddos

Writes memory of remote process 2 IoCs

pid	Process
4056	9a15e92854143e58f3adf74cc9956042_JaffaCakes118
4077	Process not Found

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

rootkit

pid	Process
4056	9a15e92854143e58f3adf74cc9956042_JaffaCakes118
4058	Process not Found
4066	Process not Found
4058	Process not Found
4078	Process not Found
4077	Process not Found
4058	Process not Found
4081	Process not Found
4089	Process not Found
4091	Process not Found
4087	Process not Found
4093	Process not Found
4096	Process not Found
4097	Process not Found
4098	Process not Found
4099	Process not Found
4085	Process not Found
4100	Process not Found
4077	Process not Found
4077	Process not Found
4058	Process not Found
4058	Process not Found
4096	Process not Found
4096	Process not Found
4097	Process not Found
4097	Process not Found
4098	Process not Found
4098	Process not Found
4099	Process not Found
4099	Process not Found
4100	Process not Found
4100	Process not Found
4077	Process not Found
4077	Process not Found
4096	Process not Found
4096	Process not Found
4097	Process not Found
4097	Process not Found
4098	Process not Found
4098	Process not Found
4099	Process not Found
4099	Process not Found
4100	Process not Found
4100	Process not Found
4077	Process not Found
4077	Process not Found
4096	Process not Found
4096	Process not Found
4097	Process not Found
4097	Process not Found
4098	Process not Found
4098	Process not Found
4099	Process not Found
4099	Process not Found
4100	Process not Found
4100	Process not Found
4077	Process not Found
4077	Process not Found
4096	Process not Found
4096	Process not Found
4097	Process not Found
4097	Process not Found
4098	Process not Found
4098	Process not Found

/tmp/9a15e92854143e58f3adf74cc9956042_JaffaCakes118
/tmp/9a15e92854143e58f3adf74cc9956042_JaffaCakes118
1⤵
- Writes memory of remote process
- Loads a kernel module
PID:4056

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/etc/cron.hourly/gcc.sh

Filesize
228B

MD5
3bab747cedc5f0ebe86aaa7f982470cd

SHA1
3c7d1c6931c2b3dae39d38346b780ea57c8e6142

SHA256
74d31cac40d98ee64df2a0c29ceb229d12ac5fa699c2ee512fc69360f0cf68c5

SHA512
21e8a6d9ca8531d37def83d8903e5b0fa11ecf33d85d05edab1e0feb4acac65ae2cf5222650fb9f533f459ccc51bb2903276ff6f827b847cc5e6dac7d45a0a42

Download Submit
/etc/init.d/9a15e92854143e58f3adf74cc9956042_JaffaCakes118

Filesize
495B

MD5
f500e175eccf65867e97ff670c984119

SHA1
023002794e50d1a480644c36da7c23acf18ae73c

SHA256
b38f04a22f64c671324ae6b769eb606372ac37daa247d32f169c96106b82d40b

SHA512
e4e1b381a0c89635987a5bcd747bf1352d672fedef25533ec47a974f8d9ddab6da7f934bee1ac1d7416f6e1bfbf593a07227d3ac25b8fd11605fa42f99fba63c

Download Submit
/run/gcc.pid

Filesize
32B

MD5
0906bdab782315eb9ac2db9a7f381275

SHA1
e8cb9bff766a529daa6790231abe312e745bdbbc

SHA256
170108c9b629ff307c7229fe395393876875c33eac5573d9135a98135b85663a

SHA512
183084f6c3d839c38a74cd40c21803071e124dd214b19ecf519459b5b0f778071818b4421ed4312b4943576a558aab4c2fe2ca946081d0dce8e56d671b0763fb

Download Submit
/usr/bin/bblhzhfgwk

Filesize
611KB

MD5
4cad00369c49ee5bc3bcabfdbecdbc7c

SHA1
5eba79fb6bd367803034b9d366ca809c11c4a816

SHA256
b8a2ef46c9d2cbef6831aa3e87d8cde27e8d674f8f29a592074c63d71553cb34

SHA512
66271b07f2f29e7c7f357cbac3719ad904c636723d34e4a7a91ca72cfd95cdeb93633c50a9f8769813d83ced8445a7fa1193295f06938d01b6dd5c2b44c7cde7

Download Submit
/usr/bin/bghksuwtyk

Filesize
611KB

MD5
c23a1060c3b2d1e81e06c6d5ad9f5d52

SHA1
8abe762b085357867b166e9ce71ca450d24d2540

SHA256
f16691266b7fa3a555caba5b4f1ab07a53f0d0ccf45b65237b42fd8e71dfb38d

SHA512
2208dc7442d3eab9a9e8e04a9e66bf18e96247eb84e43c0439aa084ea4a69af6a149c6fb15be21a0498546436e5875b1031fd3c539310697cc37b97f50517633

Download Submit
/usr/bin/bmoseownru

Filesize
611KB

MD5
166ea9eab251b8ac8f6611a276222da1

SHA1
d25c0fabae772d9abba9805dfb5621a3c1f58dee

SHA256
3de785df69102471dafd5ffd308da829d37957663ca04787c2a38927f740d33e

SHA512
772840bb2650c8ccdd44e5f672ffe28e2436a46c51b0afb59ed8a5344a7e87cf08385ad5c6e043733c9a20f586dd65807577d842fc50f49dd732304170b03fe2

Download Submit
/usr/bin/brffdhwrsp

Filesize
611KB

MD5
e9b1c99f09959e781593b50563eea078

SHA1
b7692da724f50d7caa77caba9927e00e92da60ac

SHA256
a2e88f7134552bf2d51b95fd1eee220a6fe3164735c9f0b687846a9fe208c7a8

SHA512
5934e2771843cb0f996cf3f2891507991dc65e88dbfb5a520de5aa240f6a7fc28ed55be4de5e9c980e1100c142c51d5fb2e35fc7c3a6eb0603359fd6fe8d6a83

Download Submit
/usr/bin/cfhhlvvvkt

Filesize
611KB

MD5
751993aab45329bdc73d2c303c3f55d2

SHA1
14706a2022fdefbaa3cb633346ce9ce9e240515f

SHA256
b349e5c155cd282854106f93e301ab841b59477fb8a15137bce7cafc3f347d49

SHA512
eca5f5ed8898e96a1c8cea785e77d87c65a63e9b91fee1d24a6aced2927154914f110336c1d6beb57fb316c813a55a234ce4b8af21e4cefcf95ce8bc9840ce61

Download Submit
/usr/bin/djisllhszl

Filesize
611KB

MD5
39bd6116ccd415b4ae6ec607f3c82bfb

SHA1
0818a3e831b346534ebbbe20597ca07236d0d071

SHA256
fad5ccbd07342037302fa27364eef347317fbd0fca3f9eb1c15f18a5d6a47ded

SHA512
e8e972d2c894eaeecbf09aff636db079f2e530326e2b0c54cdb140e4484c33b027e4e1a145eb2f5f16e4aebc4718a5d686fd87da6f0cc026d93e08a0c8374c61

Download Submit
/usr/bin/dkuqkhwbha

Filesize
611KB

MD5
99b4ea562904488b019fd1a64d6f6160

SHA1
7aafaffe0df475e1726384748230d408fdf2c45b

SHA256
b1a8d9b48f75f0d7f61fdb8f5bc8810d94b6a8e941a87a3557933a7091c4ced3

SHA512
38153f3cc056b5f916a4d4d602186dcb772a3e2e86949a8f65260123bbd2e65c3eb268cdf26697dfcc3ac4b05b64586a7bbe6baa91bf9daef85dba42650d1696

Download Submit
/usr/bin/drykdwpeam

Filesize
611KB

MD5
03464c095807e90228746c9ee0065731

SHA1
9d263678ff09d3ca6b3e9ada82709e2786e7ed63

SHA256
4e41859d5a22535b417137b42b739c34036acb09957530340ff8c6f1a12d5930

SHA512
0c950bdb57694b5a2663e516ae2e4860d58d87b2b2b6621abbba541df16fc4d6b7e6bb9c6abe920f78e5cdb6614dffe734664fbe2fc409c0868569c2f6d57ab6

Download Submit
/usr/bin/epovvoqtbw

Filesize
611KB

MD5
b1e19d1709fb531f1f224a19512ef567

SHA1
61e107fe678c0203c4a9d059b2ee112d7e1a1ce9

SHA256
cf67d11f92c14aa0dc7fe64a9a6124ba2863ee1157a168503aafe9a7c8af96f9

SHA512
8da212dc317338d96aa67efa07ac9bf6c7ce98d64b4385bc082c2fe659199f7db37088f2a38c9e5018237aea144c20512a30dfc166de0be30c72cb39170af3d7

Download Submit
/usr/bin/fhlvmbjvrr

Filesize
611KB

MD5
fdaa996341b711026f97b944a91821c7

SHA1
d447da4e3a774c87c22dba99ab583594d2364537

SHA256
48952df605c5fbc8947d11dab2e76bdff51bd89df501ac62704aba091bf0da50

SHA512
da3c043953a58d75d7015b8ecf0cd36b7531e39572390520802c2498f2af589ac6500401d0c7ce018d917444defc2ffa18cecd9da83a901f2e98ebccf6cf5b4a

Download Submit
/usr/bin/ghnovlymwl

Filesize
611KB

MD5
b3a16107a62bc2132fdb53d232d2df54

SHA1
01886433d657194481e6aa44513da87c07f6bca2

SHA256
e8e03514899111a1d138c9132594cfa2db7426fc9ed51d659b1cd5c471416f0b

SHA512
f58cde11e7232fc466383110208b479a722c1a126d1d8e921bcad57a74c50adeb8298ef57f8e7285ac6f05e57fc9914de2f003f89350e31cbbbd5db29e8ba114

Download Submit
/usr/bin/gwqqwrgrkk

Filesize
611KB

MD5
af155f8fd02035e1e7130a75590e1709

SHA1
c98046063df8aa5a9317f94f59888eb0a9ccd841

SHA256
b3a4585ab66da4a7ca32580e0a79d896d6b05b609b5f4e3503a9f2f9e9aa7f70

SHA512
95aac0ef9709b16371f66f7708b23529cc87773c8602f7fcef9483988c0af62c113ad368736ac8c8b88d1f0d7f100f9b86defce7efbaeadf89081609f2c7524d

Download Submit
/usr/bin/hgmommouyp

Filesize
611KB

MD5
974cfd0ec460ae05ad5e159956483c49

SHA1
4fa643c7dd39e8e7acc358f0c759c2d1216d5f4a

SHA256
260e73000a07f63e99ff888b213675f554e1c48033b2f649ad1db2883ea49018

SHA512
9b793bc5e040634def4d3af8fe471a93cc9448c2680353f017aac2cd8633a734d65f06b374a8a002ec5f2e2793df4f82455a22e539d506b78335d77e9d08c04e

Download Submit
/usr/bin/idefhupvmy

Filesize
611KB

MD5
3a562085b934ebdec30191aa05e90bc8

SHA1
85d84dcc0bf7925ec6bcc6b466fdd75521ed77ff

SHA256
972472aa9f1944fdb4e01b6c83a4b30c981eaf7371b906cfe5e2811bcc412cd3

SHA512
223ccfa33daf292aa5190778ae94aa988c40962cde56827b398a51bc3c8d51f6c2bf0b51f650fafdbf99b6a0704307751c565896f1782b0ac4d88843ec7441bd

Download Submit
/usr/bin/ikvxajeysw

Filesize
611KB

MD5
cc1d470c6c4535709bcf8af9e4a036b4

SHA1
2d5ab639478818d3de6bfd6ae91214f0af8a0dbf

SHA256
e80c732b4c46a6ee3e94f8321e35dbcd725854674316873ff5d124787f613959

SHA512
a959f7e1c7de8d4b88609fb98bca65fbea50ae247bf17bc8520574b56690b374ba1f81c7daf1879f9de9b9e68cb42b7bbafb3ac23689cda45caea8b0db69cb2e

Download Submit
/usr/bin/joaijubjfk

Filesize
611KB

MD5
3af08f95471196e5e8452334d4cf4da7

SHA1
77fdb4d0524f0bbf40e8af01038054c0bf787c44

SHA256
6e92c4347453d3c29593730688603c8dd91b8739b9cfbb0d20c6e3be6b45e213

SHA512
9f3d1b24da371387f8ae2ec5aa7c83496399f265ceec46272efbd5bee38e00aaacf7135c17ffa9ad92503c7be24ddc022eae42632cbfbbfa77ed6a4a9364307c

Download Submit
/usr/bin/kcjvydsypc

Filesize
611KB

MD5
8877fc4b72f036058b60cbf432497d1e

SHA1
6c266731294bbf01cefc2acd35d2c28bdce4cb69

SHA256
e94f991118b7dd6d0324d1c71061f636b553c2b3d82164da39fe0320930c87e9

SHA512
4d315009defb8be2c3e30652cda70b57510150f8b2bb1a1b6b0735e47b3f8b4c6293ec3fc246df2a326b9904dbe9e6e35de39e7f2498d8fbd76b9625ef03144d

Download Submit
/usr/bin/lnhkkjejxu

Filesize
611KB

MD5
d9594ec0620a5c03828395d41671582d

SHA1
3bafb7b6081508f1c941fbccc839b9f22d555a8d

SHA256
a1bdfcdf85fb2cdd036500cfd81dfbc0732c4b73fc1b4d4fc726abd12ccca604

SHA512
a42cc487fcf5a3e65a35967b169d33547a7c0006b103c3330fa2b68ddd6954de88e6409fa7bee9948f59bf4d09fc02ee6eb14e2da2bbc924668c7d53d69af51a

Download Submit
/usr/bin/lshtumvbdm

Filesize
611KB

MD5
2356337f1ac22e6a4687a154db4d952e

SHA1
ec52a1d677e371636a5e72cf080b2fdd393af675

SHA256
32f7a07db5d013e109f8346d0c99d6f04894eb021ee5280918dddd5f96aac9e2

SHA512
3d710f1c73c3105ac13c0715263bc12e760797475071555d7743d9e1bd29a16b9b18bffb8d1efd20624c1e390cf5c4a8141460e1607ae0156af6a9adf4e34586

Download Submit
/usr/bin/ozvethgfdh

Filesize
611KB

MD5
6b832864312c3de12f4147ad1a56ce3c

SHA1
74cc6e3d631be80abf33bbf197ab46316851da31

SHA256
f09f5f5a5689b9381f14f51d05ee5e4dfca32d47b75b250464d40272597761b0

SHA512
d6af4cc1073eb216010663b02cb17d16f24f2357aba7cf7c7e166e1c92368538a0b86944bd4979e43ba4b3d0753424fd8681c944ad21ad063ff0a7b81d604f8e

Download Submit
/usr/bin/psbnufccjz

Filesize
611KB

MD5
87f39f0e9a4fb0d2260d61facc630703

SHA1
3633765c49418d69f8f3eb16125c3aa30bf86343

SHA256
071c4d18e3292f66af58adf85dde00f55802c5ab6a7e0de23f72065a84baaa04

SHA512
4cd5a009abe0f8a371ef1346630376c8a603c27b5425a6bdc119d605e2962e06f1d5555352a653de476584cb4a0832a1efae83809456a6ccab84a901b00b7031

Download Submit
/usr/bin/ptnnbbynrf

Filesize
611KB

MD5
eca6245e72f360f7ff4298beeb8abccf

SHA1
d3be0d74633fe9d9b0aada7a1ed394a824d3a831

SHA256
83ad93de442c968d7d69014106bd73d74e23135378a20f81260233687de27e8b

SHA512
c295b5d18e8a02e4ff903a381bc49d6f00ce4d9ba5ee085003eec27d503f5475603b8e5fd31c94ed84ca0b1d5134a0aa9430f2d551dd9b1cdf0993334f949468

Download Submit
/usr/bin/qifyanhevi

Filesize
611KB

MD5
ee35deead5f92716137fe79064f6debc

SHA1
f7723122c0c132264dcc0484a7252709100aa8d5

SHA256
b3e471308fee88744283d88f57d14b83489b1ef0ce1843e5662866d072275db3

SHA512
d8d10428d4b825735f915a422de29f55349c32d3cb8e08dc89021b9c3aaa9677202426b7ef0877e9782cc7b8fca8db9b1ffb6ef141ac152ebd539cad4b097274

Download Submit
/usr/bin/sixqwlwwem

Filesize
611KB

MD5
b249db583e55f375d4fdbb2d7af265a5

SHA1
e90858e1c8f31d29d1e5a1253ffa2d7bf7759b32

SHA256
4b05a20d3a637de3073c65c99e837b66ee13f8ff6ba1018e510400e28fb07537

SHA512
629ac7eb735bd08f046e05696fc9a8e17c28152a642b1b0dfe03d16a9519a1e8d13b0db50eae9986022eb547b2d222c39ab109dff58da5565447af1484dbd41d

Download Submit
/usr/bin/ugauwdbbtn

Filesize
611KB

MD5
a9430126d20ff5d8224da511f05205c6

SHA1
1d21dded69546b70d08a447c6fb174c68b155ae5

SHA256
21a1a63a8418d9d60f3e901ad42c459f7926543a73171639bb936ea76bd85fa2

SHA512
03abbe26cfe1bf49b3a586a9b82f2a656529aff22503bbb20f37d3e9b29a6d3fc0db5175f32add41e8c85a29aa43c92089535cd81f641e51301966ce08772904

Download Submit
/usr/bin/vjrdwgrjzy

Filesize
611KB

MD5
90dfdaf34d9495110f3b4bb474e44d94

SHA1
85d1e2f01ddb349a73f28c005a4d5920be1d57f5

SHA256
d662f237962e315a4f87d95b481d7b8c00fa571d8e4e7e5315585cd56da2b780

SHA512
ba740f733086022a08037db3153356d181f32d4e04df2cc8c0751c294bc48ec51b223bf7f65a1372e56c1e54606f5947f915a3d74e05f7a79ee9256c92c85a32

Download Submit
/usr/bin/wcgxrnbxum

Filesize
611KB

MD5
893b2e1303e7ed19f1787f8700a397fa

SHA1
c30bb5b4f630d120d975dc1041b39ad7be964262

SHA256
fe50f71cf25eb04d1418b2a067b96d3defc577bdb8a60c1c42df26636a42a63c

SHA512
79f772218f419417c08b85ceba04f495b3bdb782fd4937f06b1401277b73a8eb0fc40223d63df7b6ba90cf9a47798c2414d673ba0787013698cc3c5bcd0266d1

Download Submit
/usr/bin/xbjkmfnivr

Filesize
611KB

MD5
a31ceffc1599b3a42724cf9bd3c634d2

SHA1
cbe1d83773a38ff965304d60493b5b82c6bf8655

SHA256
995b544f6fb156b2293d2e62e199250cbb744f27e8298bc65e710adb9577c75c

SHA512
c279e964100bf9c58a4ff94f8b0a3491cf4abf7878a817cf1f9c970de66c1c8ee7d49b3fe1fa9dec4d2fca7c2a283913f975cdba4bd066073b43f5485ab008f4

Download Submit
/usr/bin/ygqtlaxwsd

Filesize
611KB

MD5
06a9e6a4cb42245c643567bc431a4e43

SHA1
1c8cdd6f213fb99cc2ac4a8d49b13eaea815d811

SHA256
636cb67eb097395fe38b545d914535c8f39b7d1de2a8b05989b1e63a1a6592fb

SHA512
580d103ba7aba43c5286745fb2fc5f16ca30bff528bb34d86ac528afdef8f0f5574cc8934dfdeef808dc2954f672eef7869809fe0f5842f3261d976f4a2e7c72

Download Submit
/usr/bin/zgggfungdu

Filesize
611KB

MD5
3889cb664576e06581c14a5b0765958c

SHA1
9190d55c85028ac376c02eff894da9b55075840e

SHA256
148c9648918517e1840f4dd89a62e271e49fee70641794b6eef4dff9103ffdc5

SHA512
6e7abeea929f503ad0c11af7edffe8790deb1aca58beda5864b7d68fbf9da95bc9645b9254c5d74d53192d249ecd4c814561e4b82f3feff867bf0aa34d19f88e

Download Submit
/usr/lib/libudev.so

Filesize
611KB

MD5
9a15e92854143e58f3adf74cc9956042

SHA1
a6821803ff1dcb7ea567f67dbf5ac9f878dada48

SHA256
b5af6310e833e227562ece7d24dbb628a7717b91a0cb67ec2036dd1776fb1b45

SHA512
78cdd01c9b4cf5f30a4c2f5a2e2b1093de2805ef90f9e34051f2ad18145fa2e57e1d795b51a557b706b44f77ac93b6b462e2b53411df41baff7aee311e120c35

Download Submit