General
-
Target
a6ea3e2aa4751022d24a8053619bbfa9_JaffaCakes118
-
Size
610KB
-
Sample
240818-q79peawfjh
-
MD5
a6ea3e2aa4751022d24a8053619bbfa9
-
SHA1
26e14b0eb3c2f7cef909c1e50ac326c06892e5ca
-
SHA256
b52d5c430f6b2d4061ee5ea4bb73289f9ee2da02e8dde46c08a958913252c4f9
-
SHA512
a22ab0be5c822ee569e6d62289c5cd30b2559777c5e4783cfc647b55bfff336de095114101a1da6e875eb51ebb13dcb7d8aebb534192633853a912454ab38451
-
SSDEEP
12288:kBvdieCWYsnxRQfx8HH70AlhEaLbljkj8O7Z/Yx6y9lSNU4UlUuTh1AG:kBveWDbQfEHtlh1LbljxPrMNWl/91h
Behavioral task
behavioral1
Sample
a6ea3e2aa4751022d24a8053619bbfa9_JaffaCakes118
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Extracted
xorddos
ndns.dsaj2a1.org:3504
ndns.dsaj2a.org:3504
ndns.hcxiaoao.com:3504
ndns.dsaj2a.com:3504
103.25.9.245:3504
103.240.141.50:3504
-
crc_polynomial
EDB88320
Targets
-
-
Target
a6ea3e2aa4751022d24a8053619bbfa9_JaffaCakes118
-
Size
610KB
-
MD5
a6ea3e2aa4751022d24a8053619bbfa9
-
SHA1
26e14b0eb3c2f7cef909c1e50ac326c06892e5ca
-
SHA256
b52d5c430f6b2d4061ee5ea4bb73289f9ee2da02e8dde46c08a958913252c4f9
-
SHA512
a22ab0be5c822ee569e6d62289c5cd30b2559777c5e4783cfc647b55bfff336de095114101a1da6e875eb51ebb13dcb7d8aebb534192633853a912454ab38451
-
SSDEEP
12288:kBvdieCWYsnxRQfx8HH70AlhEaLbljkj8O7Z/Yx6y9lSNU4UlUuTh1AG:kBveWDbQfEHtlh1LbljxPrMNWl/91h
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Writes memory of remote process
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-