Analysis
max time kernel: 150s
max time network: 151s
platform: ubuntu-24.04_amd64
resource: ubuntu2404-amd64-20240523-en
resource tags: arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
submitted: 21-08-2024 11:02
Behavioral task: behavioral1
Sample: b3353b56611b7626bdcbf7e99c2d2eb8_JaffaCakes118
Resource: ubuntu2404-amd64-20240523-en
General
Target: b3353b56611b7626bdcbf7e99c2d2eb8_JaffaCakes118
Size: 544KB
MD5: b3353b56611b7626bdcbf7e99c2d2eb8
SHA1: 6a5878cd0556d2d5819268993eb9fe8e35a9d483
SHA256: 23d5ef8b34e1db697543b07e7b5a2fb9ab90e176dabfa8141f227cf639da2312
SHA512: 4f5849c6619962ae4f27b9e038ebd36edf70c0c819fa4bd9d190c00837c8dc78f440381a8c7dd171781cf65e7dcb9d95fa6df77601be557ec2394af4bd35a8e3
SSDEEP: 12288:JbinNy0Y1nvEtXBx6DkkJmAGyPexU279WnjVZ6ySWK:1iNy0evmxvkJmApPexUm9cVE
Malware Config
Extracted
xorddos
topbannersun.com:23
wowapplecar.com:23
crc_polynomial: CDB88320
Signatures
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload 2 IoCs
resource: behavioral1/files/fstream-1.dat, yara_rule: family_xorddos
resource: behavioral1/files/fstream-167.dat, yara_rule: family_xorddos
Writes memory of remote process 2 IoCs
pid 2434: b3353b56611b7626bdcbf7e99c2d2eb8_JaffaCakes118
pid 2437: Process not Found
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence