xorddos | b81e95eb2f1fd0deaa4c1873d306003148928bcf5b9394e99c56974d80817f5d | Triage

Submit
Reports

Overview

overview

Static

static

a37bf50d53...kes118

ubuntu-24.04-amd64

Sharing

General

Target

a37bf50d53fb2409c16d7007d018cc8d_JaffaCakes118
Size

611KB
Sample

240817-v6w45s1bmk
MD5

a37bf50d53fb2409c16d7007d018cc8d
SHA1

4fa2128dd1d4fce1266de321c94fc8d3b353a956
SHA256

b81e95eb2f1fd0deaa4c1873d306003148928bcf5b9394e99c56974d80817f5d
SHA512

b757f859f7d42ac0a30abcfeb1fea990194fc4dd8894275151d594319332e3e63a19fcf20493dee1380df6a4d0123eca4f6dc303180aed100e83ba38fe30ee0c
SSDEEP

12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti2x6yB1/aGK4UlUuTh1AS:UB1BVpmExDYp38X8LYTWh2fNaGQl/91v

Score

10^/10

xorddos botnet downloader linux rootkit

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a37bf50d53fb2409c16d7007d018cc8d_JaffaCakes118

Resource

ubuntu2404-amd64-20240729-en

xorddos botnet downloader rootkit

ubuntu-24.04-amd64

5 signatures

150 seconds

Malware Config

Extracted

Family

xorddos

C2

http://cf.gddos.com:8080

www.baidu.com:2800

59.188.242.190:2800

8uc.gddos.com:2800

Attributes

crc_polynomial
EDB88320

xor.plain

Targets

- Target
  
  a37bf50d53fb2409c16d7007d018cc8d_JaffaCakes118
- Size
  
  611KB
- MD5
  
  a37bf50d53fb2409c16d7007d018cc8d
- SHA1
  
  4fa2128dd1d4fce1266de321c94fc8d3b353a956
- SHA256
  
  b81e95eb2f1fd0deaa4c1873d306003148928bcf5b9394e99c56974d80817f5d
- SHA512
  
  b757f859f7d42ac0a30abcfeb1fea990194fc4dd8894275151d594319332e3e63a19fcf20493dee1380df6a4d0123eca4f6dc303180aed100e83ba38fe30ee0c
- SSDEEP
  
  12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6Ti2x6yB1/aGK4UlUuTh1AS:UB1BVpmExDYp38X8LYTWh2fNaGQl/91v
Score

10^/10

xorddos botnet downloader rootkit
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
  botnet downloader xorddos
- XorDDoS payload
- Writes memory of remote process
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
behavioral1

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

xorddosbotnetdownloaderrootkit

© 2018-2024

Terms | Privacy