General

Target: 9e7da6f9c2c746c0375e45e037aaa08e_JaffaCakes118
Size: 647KB
Sample: 240816-qey27swdph
MD5: 9e7da6f9c2c746c0375e45e037aaa08e
SHA1: 08e9ddb6727b85cc267d406112026df7beee1568
SHA256: eefdbf1ba214cb43bd3860f1aa566b404a2987ff92658f8a963eb773b7d6065f
SHA512: 2093f3f0099c430eafe0513db3c5ac4f97b2e26b27da91f2adff3834ebde56bff07f685d3abe72b5901672000e28a5449807aebf3395c37d389c93083406d418
SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Tonbp6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1mb6wvnDWXMN
Behavioral task: behavioral1
Sample: 9e7da6f9c2c746c0375e45e037aaa08e_JaffaCakes118
Resource: ubuntu2204-amd64-20240611-en

Malware Config

Extracted
Family: xorddos
http://info1.3000uc.com/b/u.php
linux.bc5j.com:2897
154.127.52.195:2897
crc_polynomial: EDB88320
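The three indicators in the extracted config are the practical output of this report: a hunt needs them normalised (hostname, port, URL path) and matched against DNS, connection and HTTP records without tripping over case or trailing dots. The following is an added example, not code from the sandbox or from this report; the indicators are the ones listed above, while the log records are constructed for illustration with an assumed whitespace-separated field order loosely modelled on Zeek dns.log, conn.log and http.log, not traffic captured from this sample.

```python
"""Match the extracted XorDDoS indicators against Zeek-style log records.

Added example, not code from the sandbox or from the report. The three
indicators are the ones listed in the extracted config; the log records
below are constructed for illustration (assumed whitespace-separated
fields resembling Zeek dns.log, conn.log and http.log), not traffic
captured from this sample.
"""
import ipaddress
from urllib.parse import urlsplit

# Indicators exactly as they appear in the extracted config.
C2_INDICATORS = [
    "http://info1.3000uc.com/b/u.php",
    "linux.bc5j.com:2897",
    "154.127.52.195:2897",
]


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def parse_indicators(indicators):
    """Normalise each indicator into (kind, host, port, path).

    kind is "url" for http(s) URLs (port defaults to 80/443 when absent) and
    "endpoint" for host:port pairs; host is lower-cased for comparison.
    """
    parsed = []
    for raw in indicators:
        if "://" in raw:
            u = urlsplit(raw)
            default = 443 if u.scheme == "https" else 80
            parsed.append(("url", u.hostname.lower(), u.port or default, u.path or "/"))
        else:
            host, _, port = raw.rpartition(":")
            parsed.append(("endpoint", host.lower(), int(port), None))
    return parsed


# Constructed records (assumption: simplified field order, not real Zeek output).
DNS_LOG = [  # src, src_port, query, qtype
    "10.0.0.5 41002 linux.bc5j.com A",
    "10.0.0.5 41003 example.org A",
    "10.0.0.5 41004 LINUX.BC5J.COM. AAAA",   # case and trailing dot differ
]
CONN_LOG = [  # src, src_port, dst, dst_port, proto
    "10.0.0.5 43212 154.127.52.195 2897 tcp",
    "10.0.0.5 43213 93.184.216.34 443 tcp",
]
HTTP_LOG = [  # src, method, host, uri
    "10.0.0.5 GET info1.3000uc.com /b/u.php",
    "10.0.0.5 GET info1.3000uc.com /",
]


def find_hits(indicators, dns_log, conn_log, http_log):
    """Return (log, record, matched_indicator) for every record touching an indicator."""
    parsed = parse_indicators(indicators)
    # Hostnames from both URL and host:port indicators are worth a DNS match;
    # a literal IP indicator never appears as a query name.
    names = {h for _, h, _, _ in parsed if not _is_ip(h)}
    endpoints = {(h, p) for k, h, p, _ in parsed if k == "endpoint"}
    urls = {(h, path) for k, h, _, path in parsed if k == "url"}
    hits = []
    for rec in dns_log:
        qname = rec.split()[2].lower().rstrip(".")
        if qname in names:
            hits.append(("dns", rec, qname))
    for rec in conn_log:
        _, _, dst, dport, _ = rec.split()
        if (dst, int(dport)) in endpoints:
            hits.append(("conn", rec, f"{dst}:{dport}"))
    for rec in http_log:
        _, _, host, uri = rec.split()
        if (host.lower(), uri) in urls:
            hits.append(("http", rec, f"http://{host}{uri}"))
    return hits


if __name__ == "__main__":
    for hit in find_hits(C2_INDICATORS, DNS_LOG, CONN_LOG, HTTP_LOG):
        print(hit)
```

The endpoint match deliberately requires both address and port: a flow to 154.127.52.195 on a different port is still worth a look, but it is not this indicator, and a port-only match on 2897 would be noise. The URL match keys on host plus path rather than the raw string, so a request for `/` on the same host is reported only through DNS.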
Targets

Target: 9e7da6f9c2c746c0375e45e037aaa08e_JaffaCakes118 (647KB; hashes as listed under General)
Score: 10/10

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

XorDDoS payload

Deletes itself

Executes dropped EXE

Unexpected DNS network traffic destination
Network traffic on the DNS port to servers other than the configured DNS servers was detected.

Creates/modifies Cron job
Cron allows running tasks on a schedule and is commonly used for malware persistence.
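The last two signatures above are the ones a responder can reproduce on a live host or from detonation artefacts: compare port-53 traffic against the resolvers the system is actually configured to use, and diff the cron files before and after execution. The following is an added example of both checks, not the sandbox's own signature logic. Every input is constructed for illustration: the resolv.conf text, the flow list, and the before/after cron snapshots (including the entry under /tmp, which is invented and not a path taken from this report).

```python
"""Re-implement the two behavioural signatures reported above as offline checks.

Added example, not the sandbox's own signature logic. Every input is
constructed for illustration: the resolv.conf text, the observed flows,
and the before/after cron snapshots (including the entry under /tmp).
Field layouts are assumptions chosen to keep the example self-contained.
"""
import ipaddress

RESOLV_CONF = """\
# constructed /etc/resolv.conf
nameserver 10.0.0.2
nameserver 8.8.8.8
"""

# Constructed flows seen during detonation: (src, dst, dst_port, proto).
FLOWS = [
    ("10.0.0.5", "10.0.0.2", 53, "udp"),          # configured resolver
    ("10.0.0.5", "8.8.8.8", 53, "udp"),           # configured resolver
    ("10.0.0.5", "154.127.52.195", 2897, "tcp"),  # C2 port from the config, not DNS
    ("10.0.0.5", "1.1.1.1", 53, "udp"),           # DNS port, not a configured resolver
    ("10.0.0.5", "198.51.100.7", 53, "tcp"),      # DNS port over TCP, also unexpected
]

# Constructed cron snapshots: path -> list of non-comment entries.
CRON_BEFORE = {
    "/etc/crontab": ["17 * * * * root cd / && run-parts --report /etc/cron.hourly"],
}
CRON_AFTER = {
    "/etc/crontab": ["17 * * * * root cd / && run-parts --report /etc/cron.hourly"],
    "/etc/cron.d/constructed-example": ["*/3 * * * * root /tmp/.x/constructed-binary"],
}


def configured_resolvers(resolv_conf):
    """Parse nameserver lines; malformed addresses are skipped rather than trusted."""
    servers = set()
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.add(ipaddress.ip_address(parts[1]))
            except ValueError:
                continue
    return servers


def unexpected_dns_destinations(flows, resolvers):
    """Signature: traffic on port 53 (UDP or TCP) to a host that is not a configured resolver."""
    return [f for f in flows
            if f[2] == 53 and ipaddress.ip_address(f[1]) not in resolvers]


def cron_changes(before, after):
    """Signature: cron files created, modified or deleted between the two snapshots."""
    changes = []
    for path, entries in after.items():
        old = before.get(path)
        if old is None:
            changes.append(("created", path, list(entries)))
        elif old != entries:
            added = [e for e in entries if e not in old]
            removed = [e for e in old if e not in entries]
            changes.append(("modified", path, added + ["- " + e for e in removed]))
    for path in before:
        if path not in after:
            changes.append(("deleted", path, []))
    return changes


def evaluate(flows, resolv_conf, cron_before, cron_after):
    """Return the names of the signatures that fire, mirroring the report's list."""
    fired = []
    if unexpected_dns_destinations(flows, configured_resolvers(resolv_conf)):
        fired.append("Unexpected DNS network traffic destination")
    if cron_changes(cron_before, cron_after):
        fired.append("Creates/modifies Cron job")
    return fired


if __name__ == "__main__":
    print(evaluate(FLOWS, RESOLV_CONF, CRON_BEFORE, CRON_AFTER))
```

The DNS check keys on the destination port alone, not the protocol, so DNS-over-TCP to an unlisted server fires as well; the C2 flow on port 2897 is correctly ignored by this rule even though it is the more interesting connection, which is why the indicator match and this signature are separate checks. On a real host the cron snapshots would come from /etc/crontab, /etc/cron.d and /var/spool/cron, read before and after the window of interest.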