Analysis
-
max time kernel
149s
-
max time network
150s
-
platform
ubuntu-24.04_amd64
-
resource
ubuntu2404-amd64-20240523-en
-
resource tags
arch:amd64 arch:i386 image:ubuntu2404-amd64-20240523-en kernel:6.8.0-31-generic locale:en-us os:ubuntu-24.04-amd64 system
-
submitted
17-08-2024 05:35
Behavioral task
behavioral1
Sample
a15e9d2d69c1407ac5b42ba46d71fc58_JaffaCakes118
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
a15e9d2d69c1407ac5b42ba46d71fc58_JaffaCakes118
-
Size
603KB
-
MD5
a15e9d2d69c1407ac5b42ba46d71fc58
-
SHA1
5a124a3a2f363bd3740ab792044d9a06dc4256d5
-
SHA256
7aa8eab2f01783bfe9bb7d8e051baebf563629645d73b2af42022d28a8143179
-
SHA512
f38eeae08e03f19339d03b01a271df14284bd22194887b492c24f6e4c89ef7b416507350cab6a5de8d90084519703b78cd844f35a54a4fa13b8643f0c6a395c5
-
SSDEEP
12288:R40XBrnlTCbI5ZBP5IePtqLn4yFeC+oT6ygF9b4elMuThmVF:e01tCbqNNPtqLn4yFmoEbdlH9mn
Malware Config
Extracted
xorddos
http://info1.3000uc.com/b/u.php
gh.dsaj2a1.org:2822
www.wangzongfacai.com:2822
174.139.217.145:2822
-
crc_polynomial
EDB88320
Signatures
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload 31 IoCs
resource yara_rule
behavioral1/files/fstream-4.dat family_xorddos
behavioral1/files/fstream-5.dat family_xorddos
behavioral1/files/fstream-6.dat family_xorddos
behavioral1/files/fstream-7.dat family_xorddos
behavioral1/files/fstream-8.dat family_xorddos
behavioral1/files/fstream-9.dat family_xorddos
behavioral1/files/fstream-10.dat family_xorddos
behavioral1/files/fstream-11.dat family_xorddos
behavioral1/files/fstream-12.dat family_xorddos
behavioral1/files/fstream-13.dat family_xorddos
behavioral1/files/fstream-14.dat family_xorddos
behavioral1/files/fstream-15.dat family_xorddos
behavioral1/files/fstream-16.dat family_xorddos
behavioral1/files/fstream-17.dat family_xorddos
behavioral1/files/fstream-18.dat family_xorddos
behavioral1/files/fstream-19.dat family_xorddos
behavioral1/files/fstream-20.dat family_xorddos
behavioral1/files/fstream-21.dat family_xorddos
behavioral1/files/fstream-22.dat family_xorddos
behavioral1/files/fstream-23.dat family_xorddos
behavioral1/files/fstream-24.dat family_xorddos
behavioral1/files/fstream-25.dat family_xorddos
behavioral1/files/fstream-26.dat family_xorddos
behavioral1/files/fstream-27.dat family_xorddos
behavioral1/files/fstream-28.dat family_xorddos
behavioral1/files/fstream-29.dat family_xorddos
behavioral1/files/fstream-30.dat family_xorddos
behavioral1/files/fstream-31.dat family_xorddos
behavioral1/files/fstream-32.dat family_xorddos
behavioral1/files/fstream-33.dat family_xorddos
behavioral1/files/fstream-34.dat family_xorddos
-
Writes memory of remote process 2 IoCs
pid Process
4066 a15e9d2d69c1407ac5b42ba46d71fc58_JaffaCakes118
4078 Process not Found
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
pid Process
4066 a15e9d2d69c1407ac5b42ba46d71fc58_JaffaCakes118
4067 Process not Found
4073 Process not Found
4067 Process not Found
4079 Process not Found
4081 Process not Found
4078 Process not Found
4083 Process not Found
4067 Process not Found
4086 Process not Found
4088 Process not Found
4090 Process not Found
4092 Process not Found
4097 Process not Found
4098 Process not Found
4094 Process not Found
4100 Process not Found
4099 Process not Found
4101 Process not Found
4078 Process not Found
4078 Process not Found
4067 Process not Found
4067 Process not Found
4097 Process not Found
4097 Process not Found
4098 Process not Found
4098 Process not Found
4100 Process not Found
4100 Process not Found
4099 Process not Found
4099 Process not Found
4101 Process not Found
4101 Process not Found
4078 Process not Found
4078 Process not Found
4097 Process not Found
4097 Process not Found
4098 Process not Found
4098 Process not Found
4100 Process not Found
4100 Process not Found
4099 Process not Found
4099 Process not Found
4101 Process not Found
4101 Process not Found
4078 Process not Found
4078 Process not Found
4097 Process not Found
4097 Process not Found
4098 Process not Found
4098 Process not Found
4100 Process not Found
4099 Process not Found
4100 Process not Found
4099 Process not Found
4101 Process not Found
4101 Process not Found
4078 Process not Found
4078 Process not Found
4097 Process not Found
4097 Process not Found
4098 Process not Found
4098 Process not Found
4099 Process not Found
-
Unexpected DNS network traffic destination 20 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc
Destination IP 103.25.9.228 (reported 20 times)
Downloads
-
Filesize
146B
MD5
ddb9a901eadce597284d68ebd9fe9311
SHA1
1d26318bbe55f2f936ae1015df656535427083c2
SHA256
3bb8ebd394bcaea3f083d93daa3c3bcf918a4618f84ab45a1942759d16b070fc
SHA512
e94bd51f02c323d2376e666a9c56a87c2f55d1805b44762d4bc6d5d60ca52e85ce996ba51142213ba783ac858660a3ba254988215b0f4d398b1e99bf132a5d1c
-
Filesize
495B
MD5
9ad76747bb14a936fd6aa494fed2fd54
SHA1
169b2502e309f3d0700311ae77e74ebf5d70d71f
SHA256
e4f7da63754079b67e49c0ce4ac5bc4c9fb2faea3d8beed4f7108bf400217e45
SHA512
9beedcd96023c37a29f3f5f71e665f4e7d21523cf08b3ac3a2a0938729a0e00f3991723d3272464f8c370023fe1741a0328f9a6f0ef7e385f1995a6b686f9a63
-
Filesize
32B
MD5
0f660e54fa532e7e86021fbac79fe59d
SHA1
7ed100f91519d287bacc96f57fe318c51aecfa53
SHA256
7e164da81ad9d2c4a0ac3e23296a8c4ceeff6b9a6742575ec4c3aa599070e99a
SHA512
dc6e655160bc403554814fc015e73ef1e0ef758cea84dd21f6dc2efccc7be655758137953a2a66883911b5822ff69090d9177f725617b0c13ca9a99f49f2a0b8
-
Filesize
603KB
MD5
8fbc65f7ceec4201f38a31b47767cf22
SHA1
11ad5690fb1d9e8bd214ca949f88bffda3d3ffe5
SHA256
3a4aea20443a658737fa7f27b8dc4b20abbf1dda023ab8b0ddf83161a5df4142
SHA512
40e73b2d02f6b5d76046d79822fc0bf69215da4239b1148b764cbeda8d39d4bbdd802e572281c33133ef30343f6039af8d70032bfc5305d38e6514cbf71d57dc
-
Filesize
603KB
MD5
b0061f454f2fcdd0898623d803f8f4c7
SHA1
7b309b9b7b972da6db5f4559de5e8f3550a6513b
SHA256
d1eacbcb9a64c7c1d6aad266315bc15d6057c1d00e5c8bc1428022ce1e5255d6
SHA512
4d9a12e16810a911dd41db318381afb02259613c034a1f60653aebcab11070f837698c0391e7f23a236e9c358c8dc143af21aa04b1e7ec355e26c506cbeb6d29
-
Filesize
603KB
MD5
d430264bcf6a16d221f17fb562f8ac38
SHA1
9c40bfc4548790e409db88071e492fd2daa340a2
SHA256
24c2d78f968bccb817c3ba561bdc333b76cc31746129e6ab5febb3cc2999fe33
SHA512
96fc07ba25e6fb0957bab1ddff614efcd1b8850ac9d23502bfa6ae041154957398a51ad44273e9c7656c975e2e63ea9ee8fefcf855a49410d2580cc29a901e31
-
Filesize
603KB
MD5
c3d97f4d47ee5782a3f18ea0e4d0acde
SHA1
ba39b14288e2badaa40d51a6e151035d5b267c15
SHA256
bcee20767e362d4a7b2a0101244972a98352d655586abc16c5d68cd59cd20bbf
SHA512
e91ee8f4c16a1b88ce987878cc2eaf96fbabfa3aabc7715246e6cbf6ea4a183ab66475860e0aed01ff98754244e05fa29bf947e56e7c63e4fc8f0bc25c1c7102
-
Filesize
603KB
MD5
4b7e594e5594d5d9afd2f751c647d618
SHA1
8dfccd58595d739a28c0f7fdcadb898fb95ec393
SHA256
34932766da6592e90f8e3103585554a9f61ea4221e608117944a0fc771c79d82
SHA512
84ba67e62b6d59974c2122ffba8ec362682917d4b46322461ed915604baee47ffcc0cb77c1f898b9eaae79e56638e8e6d4b74c12ef342d9791f2da01a9d70863
-
Filesize
603KB
MD5
c59542dac77db870cc193833c1ddf580
SHA1
cfa7e04594c5e7f91c2b31c933fa475e496363d0
SHA256
078f26f357536b00799d51d6f3af877c0e052aa699628260253dba5b959ed8c1
SHA512
7f77187b2bc34e9ad3efc5e5e158900cb2b03d2c47ef6cd5c2609c3d3b9b7983fdcd56c4b99d09f7b55c3c36f5dd8c8dff529b1d447664556ac7652cd54205b0
-
Filesize
603KB
MD5
1f78dc421a320cfaecd51fe13fc21bc0
SHA1
6df8e3b7768ed52f40f7cbcf1c74c20fda7ebe9a
SHA256
d87936fb511ac04376b1c3876461955d109153ba615d805b9992955fe9520c02
SHA512
aafaf026bd6194e5ae5957a409b7d450298f985440edcdb44f634d43d7b3dc7f0c1806f8d041e468b7097b79ce8b6434429c1ced64a17aeac95069365c33b0c6
-
Filesize
603KB
MD5
4498da61e56713ec08dc077be2e70376
SHA1
53b128a6dafe3ea471869ec41eb91cc53b029c73
SHA256
d8fd3246917491cb0809200881ebc85358f39ee2e7fdd06259e3d919bbbf1430
SHA512
66093b4ade474f9ea464b814b0fa777446fa7d7eeacd6b8e2a68a35fdae300189bed5fdf307d0cf48d64c9a996dd27267ef22992f02b1148f436071e3380031e
-
Filesize
603KB
MD5
06a9cadc3b4397a4d39e61e49b94e2cc
SHA1
a23c7414739758f9bcba57d9b3c04d8b0d30d2ef
SHA256
ac166202cd97f9306b8c8b1d5707d9df7c2b6bc94fa9f1001e96ffe579a960aa
SHA512
a212f03e2ab8dacb1f6c0ab5f6b48932cf2d69ad9c99d291bd550fa4819649f52a0a07dbe867cb6fa68d8d1d47b97688b03b3dbc7fd4201e81a1d61ef236abe5
-
Filesize
603KB
MD5
e0f64a1811d8fdcf42251e74d5d7bd72
SHA1
82af6cbc9c31aaaec22fa2555ec8ce9a178e05ed
SHA256
8aff3091904579e59cfee0743edad78d29e0d699ce85296904d978254922129b
SHA512
f88c26118b934aac08c3e1c59f401c91d86db723cf085c7dc0ba191e1af2f4bee8bb8a6653d1cf8a872fbe8d227b69ceb891fb0b12086e842d2a73775d652960
-
Filesize
603KB
MD5
e9cf751fbd4da8572592e90a6417a02b
SHA1
450a6d7b50b4e96c8d5e4497b06edaae16638348
SHA256
e5659c8b7d594a1ca1f3e7cb12813efafb0a76223ddd1945a5b0f378b786fbe8
SHA512
6221acf04a20ba8c4d6c87de4298572f3e4d26743389574954fc7eb9c315933c667b3a1b156734404a3d83c71b682ba71ac1088aa365b5510adc33e9e462a7d1
-
Filesize
603KB
MD5
605d96872ef3eafbcd0cb64b1ca421f4
SHA1
0c3f4e227b6e397597849167b915ad52564ca5e7
SHA256
6b69bbbc2d815d483461f741be25a61c47395fe33b4081544b02f37701b06b93
SHA512
a7434c2422ecbe1cb7c74fef72aa417d77dba3ada35beeb84b034795a762975f352574b81a4b44e80f3d576c8bee606812a5b768edcd1aebdd144928d0615a0b
-
Filesize
603KB
MD5
709c41d59dfac71de6087dcd5a28a3ed
SHA1
29e048fbb6d124301f99af8b99da094df702eb7a
SHA256
61346dd97e895a04b4c19897b04a2b85c2e7b52b3e7b47450dc606677abb73bc
SHA512
f3f52299d819a663e7c4cf396e5b7af76895e9ea5bc7d592887f35803d08e664cd40f6602d194d747eaf307cbb96649b87a9365bff624009a484425bdd8fcc83
-
Filesize
603KB
MD5
1261554ec814336b7fd0010f8de58ca9
SHA1
0b51dbb37cb5711dfbe0b9d32a88bd75f44a4a53
SHA256
004b5d5d580e388bba1d102b7a012d3a53d8c60d8e48d03c06b035dd0c05861b
SHA512
8a2841d9a4b377ba10592b8a99f7a1744d4872601246c0c946d0e3c831f637c3008d8e4a9d0ace416123d7481373f47419137ecfae6dd8b5cd74ce9d5b1c3515
-
Filesize
603KB
MD5
e01bff3693eaefed8293a320fda63a8f
SHA1
4ae71f5d72a073204439656883664606ca14a386
SHA256
8e89bd7ae8b1a58c034c1c92b5d055fe91a8e50b6705ec2c25f0c6ff37676748
SHA512
fd96f2cd5bcbb222038989715c422915db14b0116c671d01eaeab5b6b983d5614269f792c2e86760478ea21b7e3b83c4f5bcc055dbad06d75ecb435e8ca325bb
-
Filesize
603KB
MD5
c1e42e9f7840864ba76e5bdea6b0e882
SHA1
ee3e0d53783e251e5dcefe8874bc76712727df9d
SHA256
ed0e6701da1e9d212e777eb15e40246befae4f62cc39e3aade5703bd016d4695
SHA512
96efb770cdb837942c4643f15ba4d5a08752919d664488d0d4cf680b500d1f645db90d7cf9fa50f302e892886ee88636a3a99defc28f7ef343dcf44ab63880e3
-
Filesize
603KB
MD5
893452183440a8f3461f964cf64c7b0b
SHA1
12af83a0a8286cbf48641e4a25939db65f759e65
SHA256
c3f78e9904c4622972bee043184f9a40a5517c43ca806df98538a2cbff8dd8d8
SHA512
05d21ae29bdadf3be9a635888b480d5af7803c922aa7eb6c7b96aa66a8459e239cb6c7c9405ee6f5f66fec1f0ec224c1fbfa7c7b4f9730741fb98d58d2449b3d
-
Filesize
603KB
MD5
c6c391e7be1873c04cf867cd1399a387
SHA1
0ae173f2480f2f36c0d112af3a5fcaf5e42252a7
SHA256
549f0e8c3b3560e71da90fc991c7f06d46c86b3ef8ee4672a0c642f01d6b181f
SHA512
4461405a4140d296ab0799ac74a1968ff9fd97e87b0253a6701c19fe3c7ceebb45e761a2ebc20c46ebeacd0f49d7e50f390845b4a1f4a9c10abbe3d45241663a
-
Filesize
603KB
MD5
b41135a984ab0e1107af15b621f79042
SHA1
b95b0d97bacc76a8f69ada6f1e48f6ea460fbb96
SHA256
1c8abd7b55251f8407e962c14a11fd2a0d666506a687290b4d15b6e3e220f061
SHA512
4395efdb15b6ccb7c2b9c64a820c1e7cbd697b5c971805a7e5a55eb54fb9f5bc47a43f25eb11cdef0ecb8dbb906c896a4fc60d77dd83fd6c9d814a5f376f790d
-
Filesize
603KB
MD5
205c72e59f95bf269cdfd7f738daec9d
SHA1
51b7c877d0f8f2f091662d34493fcc28cdb99a06
SHA256
428d68fb2f2d7a3cb942771af1041e63afdd92800d50535178d26bce3a2e4402
SHA512
d9ac5e72ee9efe3b1576a986bfd6a1fe39c39e1be783e71e40803bf47d2613758ae38a8914bfe703e61fb2312119867627a593b9b3c5cdb1729bbf4c6894a5d5
-
Filesize
603KB
MD5
b4eabfe6462538b474e78bbe194fa6a0
SHA1
f1b9ad7b71366eaed570555b61f05f11b14500ce
SHA256
fa5a46f766730805a0ba7ed5c27bbc5062bae6c7249561135c8b42f8081de75d
SHA512
a1c45307e6ef4639ed1265c695116a7bc89a407cce46d9bbc80e93e3fe7132b85690782ad053dddc6b7c62c00726c491ee97e5c05dd0b8d50f858f2d29706a38
-
Filesize
603KB
MD5
25d1d0e462082b086e3868ef4d189205
SHA1
a008d2ea301f6bffa8399e3ffb578c8482ed4014
SHA256
f8c8a6aa6360d1c37c13f021c98e2f062eb2bc7cc7e96f470eeaf9db83b53e62
SHA512
3c0d12bb4ac59578aa188111e3e31de3fec89990b913eb703ec663d49c169f1af613be36ab8b702a43535447d5ca8439f9e49d29e1a6498eb0e81ab83cb605d0
-
Filesize
603KB
MD5
db3934925492924f9cf9a7adbf8c6b89
SHA1
5cbe60246414f16ac8c80e54454c680c7c76d77f
SHA256
1c3c26775ceb86d990dbd5cd47c7e58b0f0226f4cc1129fd333c7ab5eeb5d5a6
SHA512
098393d843bdfde18c5679cf4d409138a51cc441bc01d31b36dd4d64f7096b60e827c2187090b35fb93e98b10fe0d53b5e430947087c1876d5b62d03b29da09e
-
Filesize
603KB
MD5
771f7d486553e02b8ae8740fd0e691f4
SHA1
a22b483d760cdf6675bc6d39468cf540c02b4f82
SHA256
a371bd4dab149a3d7010f729caa5176558d1414bef2ed92f2953741c3268130f
SHA512
8be539d8eb824731275f3021f48213ad8ee0307ebd067da1cbc5c23b15590dee30f9ccd7345c97eaa2ee0a3bb70a398ac72bee04a6ec64a8522a85abb5dfc59f
-
Filesize
603KB
MD5
088b4a8e72cb7febe18485d620dcc079
SHA1
3f9b3c0488974d1c6cc7e59335ee028a9c7387a1
SHA256
9f241a952d4964eda22bdb4dfa088e3001987e6bdce82f7f0a6d0f393277343d
SHA512
6f6d621fa81c815e72128ce7d169152bba0743b9bb288559f8626b2fc711da126629851edfa70a612c0065281aaa159e963e107452a947eb6b943fb38cfc39fd
-
Filesize
603KB
MD5
5bb6fc48b4ee4b0f18c9a3a688938cfd
SHA1
9331a098385ada5f7f5fd16afd7955cfbc29e530
SHA256
29f21fac6adb69991eb0ab671ca71aabc238a7a07f5c2a9043a668970ed97edb
SHA512
ad590789aae312e06e25375558b080d80ec265efc46ae9f969f94be26e5492647b8fb7541d30797c4453a4ed5477f3bc117cf237ab40dd0be17a33c582079d95
-
Filesize
603KB
MD5
7035988df30ccddaa9680f54bd73c511
SHA1
3ebb5b1123d150df01a4de68c98aba8ee7f75c89
SHA256
2c4de5d4569767cd9cbcf7045a1dc536457008d012a38b495d679422c61e5058
SHA512
3ac3e386dac1628bd2a20eb785696e98d2559eb096fab4343b6834ee2eb23eceed3cf3866bf8b99b9e6faef2b8d8a7635f299ddb463c934391d73651dfdc2e21
-
Filesize
603KB
MD5
773b6401324feff6fc534bd5566db644
SHA1
5cd84c57caa6fc776d0b42f37919f6b879cec083
SHA256
113db8e44e5df49b9b8dc123a690834a533496551b9334ba9c1bbfa4f45f9b4d
SHA512
4ba561045de8fc382886af43825d720b41805169e746387a2be4e85463a3ac21f1d14a4e2360f3babdebf5436bd9ae555e7f803c3d02cfc46a0db73d6cfe3b75
-
Filesize
603KB
MD5
fb9566060debf49c90c8ed6fca096bc8
SHA1
3f48b0653440dce6556607396e3411f15ce7e8d2
SHA256
63cd7d5e2a7cb092a5c9a3d399714117eff24f049edf64fb568a89729e05502c
SHA512
762c5e132e48a68a9bef2d441843457b6b5f0c4a4f41f2ccfe0ff569b98da860defb816d6ed4385ca76de22b9398a1aba27d564ed3c32727d42351f10f058536
-
Filesize
603KB
MD5
25f098314a330532a6c2cf9a52bfaba0
SHA1
1cfa31f8e6968b85014efb900a9a6e1854810a57
SHA256
c6902ebcaf52dbb5b12d0c78381d7b8e3c6d98818cb3caaa7cab1fae9006c05a
SHA512
d2247cfccb7c56bd3226ace320f90bdfce85b9196a3751e026dc57d9405cbdffa743feaf75af2592430a3b8c411a57f136cd00c9405ff9b83729f187e0fb5a34
-
Filesize
603KB
MD5
a15e9d2d69c1407ac5b42ba46d71fc58
SHA1
5a124a3a2f363bd3740ab792044d9a06dc4256d5
SHA256
7aa8eab2f01783bfe9bb7d8e051baebf563629645d73b2af42022d28a8143179
SHA512
f38eeae08e03f19339d03b01a271df14284bd22194887b492c24f6e4c89ef7b416507350cab6a5de8d90084519703b78cd844f35a54a4fa13b8643f0c6a395c5