Analysis
-
max time kernel
149s -
max time network
146s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64 arch:i386 image:ubuntu2404-amd64-20240523-en kernel:6.8.0-31-generic locale:en-us os:ubuntu-24.04-amd64 system -
submitted
19-08-2024 04:36
Behavioral task
behavioral1
Sample
a99c10cb9713770b9e7dda376cddee3a_JaffaCakes118
Resource
ubuntu2404-amd64-20240523-en
General
-
Target
a99c10cb9713770b9e7dda376cddee3a_JaffaCakes118
-
Size
611KB
-
MD5
a99c10cb9713770b9e7dda376cddee3a
-
SHA1
1f1dd4d74eba8949fb1d2316c13f77b3ffa96f98
-
SHA256
92a260d856e00056469fb26f5305a37f6ab443d735d1476281b053b10b3c4f86
-
SHA512
1d410a7259469a16a1599fb28cb7cd82813270a112055e4fbe28327735a2968affbfdcba0a2001d504919e5ef3b271f40c45da6291be9c5f97c278418b241b79
-
SSDEEP
12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiOx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhOfNiGQl/91h
Malware Config
Extracted
xorddos
http://aa.hostasa.org/game.rar
ns3.hostasa.org:3308
ns4.hostasa.org:3308
ns1.hostasa.org:3308
ns2.hostasa.org:3308
-
crc_polynomial
EDB88320
Signatures
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload 30 IoCs
-
Writes memory of remote process 2 IoCs
pid Process
2493 a99c10cb9713770b9e7dda376cddee3a_JaffaCakes118
2507 Process not Found
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
Downloads