General

  • Target

    a99c10cb9713770b9e7dda376cddee3a_JaffaCakes118

  • Size

    611KB

  • Sample

    240819-e8meqavbka

  • MD5

    a99c10cb9713770b9e7dda376cddee3a

  • SHA1

    1f1dd4d74eba8949fb1d2316c13f77b3ffa96f98

  • SHA256

    92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86

  • SHA512

    1d410a7259469a16a1599fb28cb7cd82813270a112055e4fbe28327735a2968affbfdcba0a2001d504919e5ef3b271f40c45da6291be9c5f97c278418b241b79

  • SSDEEP

    12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiOx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhOfNiGQl/91h

Malware Config

Extracted

Family

xorddos

C2

http://aa.hostasa.org/game.rar

ns3.hostasa.org:3308

ns4.hostasa.org:3308

ns1.hostasa.org:3308

ns2.hostasa.org:3308

Attributes
  • crc_polynomial

    EDB88320

  • xor.plain
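The two attributes in the extracted config name the primitives the family uses: crc_polynomial EDB88320 is the reflected CRC-32 polynomial (the table built from it reproduces the standard CRC-32 that zlib computes), and xor.plain refers to the repeating-key XOR that hides the plain-text strings, including the C2 list above. The following is an added example, not code from the sandbox report or from the sample; the XOR key, the NUL-separated string layout and the known-plaintext key recovery are assumptions made for illustration, since the report does not give this sample's key.

```python
"""Added example: CRC-32 from the reflected polynomial 0xEDB88320 and the
repeating-key XOR string decoding used by XorDDoS-style configs.
The key and the NUL-separated layout are placeholders, not the sample's."""
import zlib

CRC_POLYNOMIAL = 0xEDB88320  # crc_polynomial attribute from the extracted config


def make_crc_table(poly=CRC_POLYNOMIAL):
    """256-entry lookup table for a reflected (LSB-first) CRC-32."""
    table = []
    for byte in range(256):
        crc = byte
        for _ in range(8):
            crc = (crc >> 1) ^ poly if crc & 1 else crc >> 1
        table.append(crc)
    return table


_TABLE = make_crc_table()


def crc32(data, crc=0):
    """Standard CRC-32 (init and final XOR 0xFFFFFFFF); chainable like zlib.crc32."""
    crc ^= 0xFFFFFFFF
    for b in data:
        crc = _TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def matches_zlib(data):
    """True when the table-driven CRC agrees with zlib's C implementation."""
    return crc32(data) == zlib.crc32(data)


def xor_repeating(data, key):
    """XOR data with a repeating key; the same call encodes and decodes."""
    if not key:
        raise ValueError("XOR key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_config_strings(blob, key):
    """XOR-decode a blob and split it into NUL-terminated strings.
    The NUL-separated layout is an assumption made for this example."""
    plain = xor_repeating(blob, key)
    return [s.decode("ascii", "replace") for s in plain.split(b"\x00") if s]


def recover_key(blob, known_plaintext, key_len):
    """Known-plaintext recovery: if the known text sits at offset 0, XORing it
    with the first key_len cipher bytes yields the repeating key."""
    if len(known_plaintext) < key_len:
        raise ValueError("need at least key_len bytes of known plaintext")
    return xor_repeating(blob[:key_len], known_plaintext[:key_len])


# C2 hosts from the report, used as plaintext for a constructed blob
REPORT_C2_HOSTS = ["ns1.hostasa.org:3308", "ns2.hostasa.org:3308",
                   "ns3.hostasa.org:3308", "ns4.hostasa.org:3308"]
# Placeholder key: an assumption, not the key of this sample
PLACEHOLDER_KEY = b"not-the-real-key"


def build_constructed_blob(hosts=REPORT_C2_HOSTS, key=PLACEHOLDER_KEY):
    """Encode the host list the way decode_config_strings expects to find it."""
    plain = b"".join(h.encode("ascii") + b"\x00" for h in hosts)
    return xor_repeating(plain, key)


if __name__ == "__main__":
    print(hex(crc32(b"123456789")))  # standard CRC-32 check value 0xcbf43926
    blob = build_constructed_blob()
    print(recover_key(blob, b"ns1.hostasa.org:3308", len(PLACEHOLDER_KEY)))
    print(decode_config_strings(blob, PLACEHOLDER_KEY))
```

When working from a real dump, the key length is not known up front; try candidate lengths and keep the one whose decoded output is printable ASCII throughout, and verify the CRC-32 of any checksummed region with the same table before trusting the result.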

Targets

    • Target

      a99c10cb9713770b9e7dda376cddee3a_JaffaCakes118

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence
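The two behaviour signatures above, together with the C2 hosts and download URL from the extracted config, are what a responder would turn into detection logic. The following is an added example, not code from the sandbox report: it matches constructed auditd SYSCALL records and constructed DNS, connection and HTTP log lines against those indicators. The log lines and their field layout are made up for illustration; the x86_64 syscall numbers and ptrace request values are the kernel's.

```python
"""Added detection example over constructed logs, not part of the report:
flag kernel-module loads, remote-process memory writes, and contact with the
hostasa.org C2 hosts, download URL and tcp/3308 named in the config."""
import re

# Indicators taken from the extracted config
C2_HOSTS = {"ns1.hostasa.org", "ns2.hostasa.org", "ns3.hostasa.org", "ns4.hostasa.org"}
C2_PORT = 3308
DOWNLOAD_HOST = "aa.hostasa.org"
DOWNLOAD_URL = "http://aa.hostasa.org/game.rar"

# x86_64 syscall numbers as auditd writes them in SYSCALL records (arch=c000003e)
SYSCALL_BEHAVIOUR = {
    175: ("init_module", "Loads a kernel module"),
    313: ("finit_module", "Loads a kernel module"),
    311: ("process_vm_writev", "Writes memory of remote process"),
    101: ("ptrace", "Writes memory of remote process"),
}
# ptrace requests that actually write the tracee: POKETEXT, POKEDATA, POKEUSER
PTRACE_WRITE_REQUESTS = {0x4, 0x5, 0x6}


def _field(line, name):
    """Value of name=value or name="value" in a key=value log line, else None."""
    m = re.search(rf'(?<!\w){name}=("?)([^\s"]*)\1', line)
    return m.group(2) if m else None


def scan_audit(lines):
    """Return one hit per SYSCALL record that matches a report behaviour."""
    hits = []
    for line in lines:
        if "type=SYSCALL" not in line or _field(line, "arch") != "c000003e":
            continue  # only the x86_64 numbering is mapped above
        nr = _field(line, "syscall")
        if nr is None or not nr.isdigit() or int(nr) not in SYSCALL_BEHAVIOUR:
            continue
        name, behaviour = SYSCALL_BEHAVIOUR[int(nr)]
        if name == "ptrace":
            req = _field(line, "a0")  # auditd logs arguments in hex
            if req is None or int(req, 16) not in PTRACE_WRITE_REQUESTS:
                continue  # ATTACH/PEEK/CONT do not write memory
        hits.append({"pid": _field(line, "pid"), "comm": _field(line, "comm"),
                     "syscall": name, "behaviour": behaviour})
    return hits


def scan_network(lines):
    """Return (indicator, value) pairs for lines touching the config's C2 data."""
    hits = []
    for line in lines:
        kind = _field(line, "event")
        if kind == "dns":
            q = (_field(line, "query") or "").lower().rstrip(".")
            if q in C2_HOSTS:
                hits.append(("c2_host", q))
            elif q == DOWNLOAD_HOST:
                hits.append(("download_host", q))
        elif kind == "conn":
            dst = _field(line, "dst") or ""
            _, _, port = dst.rpartition(":")
            if port.isdigit() and int(port) == C2_PORT:
                hits.append(("c2_port", dst))  # port alone is weak; pair with DNS
        elif kind == "http" and _field(line, "url") == DOWNLOAD_URL:
            hits.append(("download_url", DOWNLOAD_URL))
    return hits


# Constructed sample records (not captured data); a0 values are hex as in auditd
SAMPLE_AUDIT = [
    'type=SYSCALL msg=audit(1724054400.101:311): arch=c000003e syscall=175 success=yes exit=0 a0=7f3a1c000000 a1=1a2b3 a2=0 a3=0 ppid=1 pid=4242 comm="kworker_1" exe="/usr/bin/kworker_1"',
    'type=SYSCALL msg=audit(1724054400.102:312): arch=c000003e syscall=101 success=yes exit=0 a0=10 a1=1093 a2=0 a3=0 ppid=1 pid=4242 comm="kworker_1" exe="/usr/bin/kworker_1"',
    'type=SYSCALL msg=audit(1724054400.103:313): arch=c000003e syscall=101 success=yes exit=0 a0=5 a1=1093 a2=7ffd0 a3=6e69622f ppid=1 pid=4242 comm="kworker_1" exe="/usr/bin/kworker_1"',
    'type=SYSCALL msg=audit(1724054400.104:314): arch=c000003e syscall=1 success=yes exit=12 a0=3 a1=0 a2=c a3=0 ppid=1 pid=4242 comm="kworker_1" exe="/usr/bin/kworker_1"',
]
SAMPLE_NETWORK = [
    "ts=2024-08-19T14:02:50Z event=http client=10.0.0.5 url=http://aa.hostasa.org/game.rar",
    "ts=2024-08-19T14:03:12Z event=dns client=10.0.0.5 query=ns3.hostasa.org. type=A",
    "ts=2024-08-19T14:03:13Z event=conn src=10.0.0.5:51522 dst=203.0.113.7:3308 proto=tcp",
    "ts=2024-08-19T14:03:20Z event=dns client=10.0.0.5 query=example.com type=A",
]

if __name__ == "__main__":
    for h in scan_audit(SAMPLE_AUDIT):
        print(h)
    for h in scan_network(SAMPLE_NETWORK):
        print(h)
```

The second ptrace record (a0=10, PTRACE_ATTACH) is deliberately not flagged: only the POKE requests write the tracee, so matching on the bare syscall number would fire on every debugger and on benign tooling. The init_module record and the PTRACE_POKEDATA record are the two hits that correspond to the signatures in this report.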

Tasks