Overview

overview

10

Static

static

10

b90f98a1de...kes118

ubuntu-24.04-amd64

10

Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    22-08-2024 20:34

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    b90f98a1de56b02687d6b719646ce12a_JaffaCakes118

  • Size

    544KB

  • MD5

    b90f98a1de56b02687d6b719646ce12a

  • SHA1

    e2cd4662a8885a350dcb5c0ea38e7ee377cd3aff

  • SHA256

    6814a4bbe0b6078dc04a4144e8017a50c3a453793e01cb3ae3440c575876ba6a

  • SHA512

    e5fab8a263ec7ed03ee4b5d110aa8e2985dcc81691cb2939830df0b472c2a4b0d4c7e524bccaf0a111211d150eff8711807a9787c4bd23677d4529340fff6db0

  • SSDEEP

    12288:dMt0ECI+AnmBeGHOkVZAG2/2//PXaIWtpm6y92u:atPCIN7G/VZAp/2//fa7po

Score
10/10
xorddosbotnetdownloaderrootkit

Malware Config

Extracted

Family

xorddos

Attributes
  • crc_polynomial

    CDB88320

xor.plain

Signatures

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos
  • XorDDoS payload 2 IoCs
  • Writes memory of remote process 2 IoCs
  • Loads a kernel module 64 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit

Processes

  • /tmp/b90f98a1de56b02687d6b719646ce12a_JaffaCakes118
    /tmp/b90f98a1de56b02687d6b719646ce12a_JaffaCakes118
    1⤵
    • Writes memory of remote process
    • Loads a kernel module
    PID:2766

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • /dev/shm/sem.Vha1Cx
    Filesize

    16B

    MD5

    076933ff9904d1110d896e2c525e39e5

    SHA1

    4188442577fa77f25820d9b2d01cc446e30684ac

    SHA256

    4cbbd8ca5215b8d161aec181a74b694f4e24b001d5b081dc0030ed797a8973e0

    SHA512

    6fcee9a7b7a7b821d241c03c82377928bc6882e7a08c78a4221199bfa220cdc55212273018ee613317c8293bb8d1ce08d1e017508e94e06ab85a734c99c7cc34

    Download Submit

  • /etc/cron.hourly/xppxizgu.sh
    Filesize

    157B

    MD5

    c9c41f8e3ad8ffa90da1798bdd607bdf

    SHA1

    0b3936933342be2c610ca0bf44d1aa4a3885e6b8

    SHA256

    45fdf6edc79a0d26d18c007d3df4d6e174d56eb0ea03f6a52ba965ba274a4598

    SHA512

    6caa06fd45955d8a2baa9fd31bf098f334837527b26194655981a3a8a8ae9da649f89c53b9992eb8f36e09f2f68663c1b98df8fac496fc7648c47dd4cbc8c8b7

    Download Submit

  • /etc/daemon.cfg
    Filesize

    32B

    MD5

    d3e258a78dfeb2065b84898a531b6c16

    SHA1

    ee7364490a4b8da80ae0fc50b7bd6146b2424942

    SHA256

    eb60a7919638cd8bf114cdf4b4ebab77c6708ee9a9827b1e9fbb6de5df383196

    SHA512

    985fe3712e91e2266f16001bc02fc5ffd873fbf7986e1526709367dddab480def490529ce9adb82be0e47e39af1909bc5b67025d2e0adce5b115914a21d7ba6b

    Download Submit

  • /usr/bin/auqapslc
    Filesize

    346KB

    MD5

    7281edfa3bac50a5f97324fe96fddf9b

    SHA1

    78a02e4ef5fab91e493779681d39c451f4d4011d

    SHA256

    d715703812959becf7f892b4fce3d9a47c4c5176fa90916be1dbec76e64a95e5

    SHA512

    dc336c7ff593356f08fbe3dd910d5425c9f336145535254b95737a5fd82547192c871eed32271a25be39f311076512160b81454c339440989f120e147c7797e6

    Download Submit

  • /usr/bin/ugzixppx
    Filesize

    544KB

    MD5

    9e7d0e57f0ecd8a603ec2c4780c1df5b

    SHA1

    a622a4258717e6aa15caeb31d611b115ac43fd41

    SHA256

    5e759a44c1fa959af58bfcd0cadcecae6ace4fb04a23f72ffe1c40410762eee5

    SHA512

    5653c49126672e15924e5d04b9c3b61544dcf7b09b0f75df0895b556cb26267ef3ebd7a616b2958933a99f6e2d22cf8951bc5471d5b6d89a9eeae8fb0ee54a30

    Download Submit