General

Target: a14578469fab44514dfca6c4eead755d_JaffaCakes118
Size: 611KB
Sample: 240817-fk849ayble
MD5: a14578469fab44514dfca6c4eead755d
SHA1: cf09ec13381b559a9d0e2ced5d8d710c8ba2affa
SHA256: 3bb61c0ad19495ae554363823eb83657b403c3aacdf9cddb9b111c2c4321a6da
SHA512: d512738b7732de3eec37e9eb024d4fc592f13190bbe069b1884f9b6348357e4eafcb1ca01ed75e4d8bb9cac7164cbd006a18e5467d24a17b540124652fa1eb27
SSDEEP: 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91h
Behavioral task

behavioral1
Sample: a14578469fab44514dfca6c4eead755d_JaffaCakes118
Resource: ubuntu2204-amd64-20240729-en
Malware Config

Extracted: xorddos
http://aaa.dsaj2a.org/config.rar
ww.dnstells.com:25
ww.gzcfr5axf6.com:25
ww.gzcfr5axf7.com:25
crc_polynomial: EDB88320
Targets

Target: a14578469fab44514dfca6c4eead755d_JaffaCakes118
Size: 611KB
Score: 10/10

XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

XorDDoS payload

Executes dropped EXE

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Enumerates active TCP sockets
Gets active TCP sockets from the /proc virtual filesystem.

Enumerates running processes
Discovers information about currently running processes on the system.

Write file to user bin folder