General
Target: b6e04d4eea2d4e044b9b5c3dde3bce0d_JaffaCakes118
Size: 611KB
Sample: 240822-jnp3bswbkd
MD5: b6e04d4eea2d4e044b9b5c3dde3bce0d
SHA1: 338ed179a905da39961250674e80be17a916884a
SHA256: 242e172ee2185e78da0164b1669ae390458003da4a720da029fc4fc83d187bcd
SHA512: 01cfe2b25d4883f5c1a687a096dd4cdb008114ec916b8ed319d130cb00758fd8c0c14e83dbaed44efddbe26463cf09124e092ab87658b7d11e0b8b9afa5b633b
SSDEEP: 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrr+T6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNN+BVEBl/91h
Behavioral task
behavioral1
Sample: b6e04d4eea2d4e044b9b5c3dde3bce0d_JaffaCakes118
Resource: ubuntu2204-amd64-20240611-en
Malware Config
Extracted
xorddos
http://aa.hostasa.org/config.rar
ns3.hostasa.org:4308
ns4.hostasa.org:4308
ns1.hostasa.org:4308
ns2.hostasa.org:4308
crc_polynomial: EDB88320
Targets
Target: b6e04d4eea2d4e044b9b5c3dde3bce0d_JaffaCakes118
Score: 10/10
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Executes dropped EXE
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder