General

  • Target

    b3353b56611b7626bdcbf7e99c2d2eb8_JaffaCakes118

  • Size

    544KB

  • Sample

    240821-m43vxaycpp

  • MD5

    b3353b56611b7626bdcbf7e99c2d2eb8

  • SHA1

    6a5878cd0556d2d5819268993eb9fe8e35a9d483

  • SHA256

    23d5ef8b34e1db697543b07e7b5a2fb9ab90e176dabfa8141f227cf639da2312

  • SHA512

    4f5849c6619962ae4f27b9e038ebd36edf70c0c819fa4bd9d190c00837c8dc78f440381a8c7dd171781cf65e7dcb9d95fa6df77601be557ec2394af4bd35a8e3

  • SSDEEP

    12288:JbinNy0Y1nvEtXBx6DkkJmAGyPexU279WnjVZ6ySWK:1iNy0evmxvkJmApPexUm9cVE

Malware Config

Extracted

Family

xorddos

C2

topbannersun.com:23

wowapplecar.com:23
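The two C2 hosts above are the indicators worth hunting for directly in network telemetry. The script below is an added example, not part of this report or of the sandbox's tooling: it scans Zeek-style dns.log and conn.log records for the C2 domains (including subdomains, case-insensitively) and for internal-to-external TCP sessions on port 23, the port the extracted config names. The log records are constructed, and the internal address ranges and column layout are assumptions to adjust for the environment being hunted.

```python
"""Hunt for the XorDDoS C2 indicators from the report in DNS and connection logs.

Added example; not part of the Triage report. The log lines below are
constructed to resemble Zeek dns.log / conn.log records and do not come from
the sandbox run. The internal address ranges are an assumption.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Indicators copied from the report's extracted config.
C2_DOMAINS = {"topbannersun.com", "wowapplecar.com"}
C2_PORT = 23

# Assumed internal address space; adjust for the environment being hunted.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass(frozen=True)
class Hit:
    source: str     # "dns" or "conn"
    host: str       # internal host that issued the query or connection
    indicator: str  # matched domain or "ip:port"
    line: str       # raw log record, for the ticket


def matches_c2_domain(name: str) -> bool:
    """True for a C2 domain or any subdomain of one, ignoring case and a trailing dot."""
    n = name.lower().rstrip(".")
    return any(n == d or n.endswith("." + d) for d in C2_DOMAINS)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def scan_dns(log: str) -> list[Hit]:
    """Zeek dns.log (tab-separated): column 3 is id.orig_h, column 10 is query."""
    hits = []
    for line in log.splitlines():
        f = line.split("\t")
        if len(f) < 10:
            continue
        if matches_c2_domain(f[9]):
            hits.append(Hit("dns", f[2], f[9].lower().rstrip("."), line))
    return hits


def scan_conn(log: str) -> list[Hit]:
    """Zeek conn.log: flag internal -> external TCP sessions on the C2 port.

    The config puts the C2 on TCP/23, so telnet-port egress from hosts that
    have no business using telnet is a usable hunt even before the C2 domains
    have been resolved to addresses.
    """
    hits = []
    for line in log.splitlines():
        f = line.split("\t")
        if len(f) < 7:
            continue
        src, dst, dport, proto = f[2], f[4], int(f[5]), f[6]
        if proto == "tcp" and dport == C2_PORT and is_internal(src) and not is_internal(dst):
            hits.append(Hit("conn", src, f"{dst}:{dport}", line))
    return hits


def hosts_to_triage(dns_log: str, conn_log: str) -> set[str]:
    """Internal hosts that resolved a C2 domain or reached out on the C2 port."""
    return {h.host for h in scan_dns(dns_log) + scan_conn(conn_log)}


# Constructed sample records (not real telemetry).
DNS_LOG = (
    "1724243001.1\tCq1\t10.0.0.5\t51234\t10.0.0.2\t53\tudp\t1\t0.01\tupdates.example.org\n"
    "1724243002.4\tCq2\t10.0.0.7\t51235\t10.0.0.2\t53\tudp\t2\t0.01\tTopBannerSun.com.\n"
    "1724243003.9\tCq3\t10.0.0.7\t51236\t10.0.0.2\t53\tudp\t3\t0.01\tcdn.wowapplecar.com\n"
)
CONN_LOG = (
    "1724243010.0\tCn1\t10.0.0.7\t40001\t203.0.113.10\t23\ttcp\t-\n"      # C2-port egress
    "1724243011.0\tCn2\t10.0.0.5\t40002\t203.0.113.20\t443\ttcp\tssl\n"   # ordinary HTTPS
    "1724243012.0\tCn3\t10.0.0.9\t40003\t192.168.1.1\t23\ttcp\ttelnet\n"  # internal admin telnet
    "1724243013.0\tCn4\t10.0.0.9\t40004\t203.0.113.30\t23\tudp\t-\n"      # not TCP
)

if __name__ == "__main__":
    for hit in scan_dns(DNS_LOG) + scan_conn(CONN_LOG):
        print(f"{hit.source:4s} {hit.host:12s} {hit.indicator}")
    print("triage:", sorted(hosts_to_triage(DNS_LOG, CONN_LOG)))
```

The domain match deliberately requires a dot boundary, so a lookalike such as notwowapplecar.com is not a hit; the conn check ignores port-23 sessions that stay inside the assumed internal ranges, which keeps legitimate network-gear telnet out of the result.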

Attributes

  • crc_polynomial

    CDB88320

  • xor.plain
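The reported crc_polynomial CDB88320 differs from the reflected polynomial of standard CRC-32, EDB88320, in its top nibble only, so checksums computed with it will not match zlib's. The block below is an added example, not code from this report or from the sample: a table-driven reflected CRC-32 that takes the polynomial as a parameter, so the reported value can be compared against the standard one, plus a repeating-key XOR helper of the kind the xor.plain attribute refers to. The page gives only the polynomial, so the remaining CRC parameters (LSB-first bit order, initial value and final XOR of 0xFFFFFFFF) are the standard CRC-32 conventions and are an assumption; the xor.plain key value is not shown on this page, so DEMO_KEY is a constructed placeholder rather than the family's key.

```python
"""Reproduce the crc_polynomial and xor.plain attributes from the extracted config.

Added example; not code from the Triage report or from the sample. Only the
polynomial value is given on the page, so the reflected bit order and the
0xFFFFFFFF init/xorout used here are the standard CRC-32 conventions and an
assumption. DEMO_KEY is a constructed placeholder, not the family's key.
"""
from __future__ import annotations

import zlib

STANDARD_POLY = 0xEDB88320  # reflected form of the IEEE 802.3 CRC-32 polynomial
REPORTED_POLY = 0xCDB88320  # crc_polynomial attribute from the extracted config

_TABLES: dict[int, list[int]] = {}


def make_crc_table(poly: int) -> list[int]:
    """Byte-wise lookup table for a reflected (LSB-first) CRC-32 with `poly`."""
    if poly not in _TABLES:
        table = []
        for n in range(256):
            c = n
            for _ in range(8):
                c = (c >> 1) ^ poly if c & 1 else c >> 1
            table.append(c & 0xFFFFFFFF)
        _TABLES[poly] = table
    return _TABLES[poly]


def crc32(data: bytes, poly: int = STANDARD_POLY,
          init: int = 0xFFFFFFFF, xorout: int = 0xFFFFFFFF) -> int:
    """Table-driven reflected CRC-32; with the defaults it equals zlib.crc32."""
    table = make_crc_table(poly)
    crc = init
    for b in data:
        crc = table[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return (crc ^ xorout) & 0xFFFFFFFF


def matches_zlib(data: bytes) -> bool:
    """Sanity check of the implementation against the standard library."""
    return crc32(data) == zlib.crc32(data)


def crc_report(data: bytes) -> dict[str, int]:
    """CRC of `data` under the standard and the reported polynomial, side by side."""
    return {"standard": crc32(data, STANDARD_POLY),
            "reported": crc32(data, REPORTED_POLY)}


def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key restores the input."""
    if not key:
        raise ValueError("key must not be empty")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


DEMO_KEY = b"constructed-demo-key"  # placeholder; the real xor.plain value is not on this page


if __name__ == "__main__":
    sample = b"topbannersun.com:23"  # a C2 string from the config, used as test data
    for name, value in crc_report(sample).items():
        print(f"{name:9s} {value:08x}")
    enc = xor_with_key(sample, DEMO_KEY)
    print(enc.hex(), xor_with_key(enc, DEMO_KEY))
```

A quick way to confirm the polynomial parameter is wired through: with init and xorout set to zero, the CRC of the single byte 0x80 is the polynomial itself, because only the last of the eight shifts sees a set low bit.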

Targets

    • Target

      b3353b56611b7626bdcbf7e99c2d2eb8_JaffaCakes118

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence
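The kernel-module signature is the one worth checking for on any Linux host that handled this sample. The script below is an added example, not part of this report or of the sandbox's tooling: it lists loaded modules that have no .ko file under the running kernel's module tree, modules the kernel has tainted as out-of-tree or unsigned, and /sys/module entries that were loaded as modules (they carry an initstate file) but no longer appear in /proc/modules, which is what a module that unlinks itself from the module list to hide from lsmod can leave behind. The sample inputs are constructed, and the /lib/modules/<release> location used on a live host is an assumption about the distribution's layout.

```python
"""Host-side checks that go with the 'Loads a kernel module' signature.

Added example; not part of the Triage report and not code from the sample.
The sample inputs are constructed; /lib/modules/<release> as the module tree
is an assumption about the host's layout.
"""
from __future__ import annotations

import os
import re
from pathlib import Path

KO_RE = re.compile(r"^(?P<name>.+?)\.ko(\.(gz|xz|zst))?$")


def norm(name: str) -> str:
    """/proc/modules reports names with '_'; file names may use '-' instead."""
    return name.replace("-", "_")


def parse_proc_modules(text: str) -> dict[str, str]:
    """Map module name -> taint flags from /proc/modules lines:
    name size refcount deps state address [(flags)]."""
    mods: dict[str, str] = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6:
            continue
        mods[norm(f[0])] = f[6].strip("()") if len(f) > 6 else ""
    return mods


def names_on_disk(ko_files: list[str]) -> set[str]:
    """Module names implied by the .ko files found in the module tree."""
    names = set()
    for path in ko_files:
        m = KO_RE.match(os.path.basename(path))
        if m:
            names.add(norm(m.group("name")))
    return names


def unbacked_modules(proc_modules: str, ko_files: list[str]) -> list[str]:
    """Loaded modules the module tree cannot account for (dropped or deleted .ko)."""
    on_disk = names_on_disk(ko_files)
    return sorted(n for n in parse_proc_modules(proc_modules) if n not in on_disk)


def tainting_modules(proc_modules: str) -> list[str]:
    """Modules the kernel flagged O (out-of-tree) or E (unsigned)."""
    return sorted(n for n, flags in parse_proc_modules(proc_modules).items()
                  if "O" in flags or "E" in flags)


def hidden_from_proc(proc_modules: str, sys_module: dict[str, bool]) -> list[str]:
    """sysfs module entries with an initstate file but no /proc/modules line.

    Built-in code that only exports parameters under /sys/module has no
    initstate file and is skipped, so the result is limited to modules that
    were loaded dynamically and then vanished from the module list.
    """
    listed = parse_proc_modules(proc_modules)
    return sorted(norm(n) for n, has_initstate in sys_module.items()
                  if has_initstate and norm(n) not in listed)


def collect_live() -> tuple[str, list[str], dict[str, bool]]:
    """Gather the three inputs from a running Linux host (assumed layout)."""
    tree = Path("/lib/modules") / os.uname().release
    ko = [str(p) for p in tree.rglob("*.ko*")] if tree.is_dir() else []
    sysfs = Path("/sys/module")
    sysmod = ({p.name: (p / "initstate").is_file() for p in sysfs.iterdir()}
              if sysfs.is_dir() else {})
    return Path("/proc/modules").read_text(), ko, sysmod


# Constructed sample inputs (not from the sandbox run or any real host).
PROC_MODULES = (
    "xt_conntrack 16384 1 - Live 0x0000000000000000\n"
    "nf_conntrack 172032 1 xt_conntrack, Live 0x0000000000000000\n"
    "unbacked_demo 20480 0 - Live 0x0000000000000000 (OE)\n"
)
KO_FILES = [
    "/lib/modules/6.1.0/kernel/net/netfilter/xt_conntrack.ko.xz",
    "/lib/modules/6.1.0/kernel/net/netfilter/nf-conntrack.ko.xz",  # hyphenated on purpose
    "/lib/modules/6.1.0/kernel/fs/ext4/ext4.ko.xz",
]
SYS_MODULE = {"xt_conntrack": True, "nf_conntrack": True, "unbacked_demo": True,
              "hidden_demo": True, "printk": False}

if __name__ == "__main__":
    print("unbacked:", unbacked_modules(PROC_MODULES, KO_FILES))
    print("tainted: ", tainting_modules(PROC_MODULES))
    print("hidden:  ", hidden_from_proc(PROC_MODULES, SYS_MODULE))
```

On a live host, feed the output of collect_live() to the three functions; expect DKMS or vendor modules to show up as tainted, which is noise, while an unbacked or hidden module is the finding to chase. Inside a container the module tree is usually absent, so run this on the host, not in a pod.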
