General
-
Target
bcb6b83a4e6e20ffe0ce3c750360ddf5_JaffaCakes118
-
Size
611KB
-
Sample
240823-w5yf9a1hml
-
MD5
bcb6b83a4e6e20ffe0ce3c750360ddf5
-
SHA1
d88755b78834e87418aa3cb3bfee5de5c378bd2f
-
SHA256
61b0107a7a06ecbb8cc1d323967291d15450df7e8bab5d96c822a98c9399a521
-
SHA512
f3be44f45eb0c453192b0ddeb7d37f3335499b41b46cc3190e918ac2909f048b3857d2496ebd33fa79ddce4024a1b47a5e44867ff576c18eb998c7e4f87914ca
-
SSDEEP
12288:UB1tATMVAqnf+ExxBHYpmA38X8LYkCW6TiZx6yB1/iGK4UlUuTh1AG:UB1BVpmExDYp38X8LYTWhZfNiGQl/91h
Behavioral task
behavioral1
Sample
bcb6b83a4e6e20ffe0ce3c750360ddf5_JaffaCakes118
Resource
ubuntu2204-amd64-20240611-en
Malware Config
Extracted
xorddos
http://aa.hostasa.org/game.rar
ns3.hostasa.org:3307
ns4.hostasa.org:3307
ns1.hostasa.org:3307
ns2.hostasa.org:3307
-
crc_polynomial
EDB88320
Targets
Score 10/10
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-