General

  • Target

    c1ec720ad4e847ff37bfdcebbe5b30df_JaffaCakes118

  • Size

    611KB

  • Sample

    240826-aygdhavcka

  • MD5

    c1ec720ad4e847ff37bfdcebbe5b30df

  • SHA1

    30fd7c4761351e2c81dfe79ca26b661014f3b64f

  • SHA256

    f8a2c1ff8d2a8f29181c8d3dd22fce6770522c5453efee8ec1ecd3ba0e54407f

  • SHA512

    b5ba20ea664fc035e6d4ace155ad45ccd94b6bfdb24180aa8f3f3105bfc9bc2ad65d68b352f3b64ff7bede0fc066741b5fd52de8162d8632b473a3c67315767e

  • SSDEEP

    12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrRT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNRBVEBl/91h

Malware Config

Extracted

Family

xorddos

C2

http://www.gzcfr5axf6.com/config.rar

bbb.wordpressau.com:3006

Attributes

  • crc_polynomial

    EDB88320

  • xor.plain
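The two config attributes above point at the primitives the bot uses around its embedded strings: a repeating-key XOR (the xor.plain key, blank in this report) and a CRC-32 with the reflected polynomial 0xEDB88320. The following is an added worked example, not code from the sample or from the sandbox, that implements both from scratch and decodes the two C2 strings listed in this section. The key DEMO_KEY and the per-field, NUL-terminated layout are assumptions made for the demo; the CRC is cross-checked against zlib.crc32, which uses the same polynomial.

```python
"""Added example: repeating-key XOR string decoding and a reflected CRC-32 with
polynomial 0xEDB88320, the two attributes reported in the extracted config.
Not the sample's own code; key and field layout are demo assumptions."""
import zlib

CRC_POLY = 0xEDB88320  # crc_polynomial from the extracted config

# ASSUMPTION: xor.plain is blank in the report, so this 16-byte key is a
# placeholder chosen for the demo, not the key used by this sample.
DEMO_KEY = b"demo_xor_key_012"


def make_crc_table(poly: int = CRC_POLY) -> list:
    """Build the 256-entry lookup table for a reflected (LSB-first) CRC-32."""
    table = []
    for n in range(256):
        c = n
        for _ in range(8):
            c = (c >> 1) ^ poly if c & 1 else c >> 1
        table.append(c)
    return table


_CRC_TABLE = make_crc_table()


def crc32_reflected(data: bytes) -> int:
    """Table-driven CRC-32 (init 0xFFFFFFFF, final XOR 0xFFFFFFFF). With
    polynomial 0xEDB88320 this is the same value zlib.crc32 returns."""
    crc = 0xFFFFFFFF
    for b in data:
        crc = _CRC_TABLE[(crc ^ b) & 0xFF] ^ (crc >> 8)
    return crc ^ 0xFFFFFFFF


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR each byte with key[i % len(key)]; the operation is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_field(field: bytes, key: bytes) -> str:
    """Decode one XOR-encoded, NUL-terminated string field. The key index
    restarts at 0 for every field (demo assumption about the layout)."""
    plain = xor_repeating(field, key)
    return plain.split(b"\x00", 1)[0].decode("latin-1")


def decode_fields(fields, key: bytes):
    return [decode_field(f, key) for f in fields]


def encode_field(text: str, key: bytes) -> bytes:
    """Inverse of decode_field, used only to build the constructed sample below."""
    return xor_repeating(text.encode("latin-1") + b"\x00", key)


# Constructed sample: the two C2 strings from the report, encoded with DEMO_KEY.
C2_STRINGS = ["http://www.gzcfr5axf6.com/config.rar", "bbb.wordpressau.com:3006"]
ENCODED_FIELDS = [encode_field(s, DEMO_KEY) for s in C2_STRINGS]


def self_check() -> bool:
    """Cross-check the CRC against zlib and confirm the fields round-trip."""
    probe = b"123456789"
    return (crc32_reflected(probe) == zlib.crc32(probe) == 0xCBF43926
            and decode_fields(ENCODED_FIELDS, DEMO_KEY) == C2_STRINGS)


if __name__ == "__main__":
    for s in decode_fields(ENCODED_FIELDS, DEMO_KEY):
        print(s, hex(crc32_reflected(s.encode("latin-1"))))
    print("self-check:", self_check())
```

When working from a real sample, replace DEMO_KEY with the value the extractor reports for xor.plain and feed decode_fields the raw byte ranges carved from the binary; because XOR is its own inverse, the same routine serves for encoding test fixtures and for decoding.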

Targets

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence
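The indicators and behaviours above are what a responder would hunt for across DNS, proxy, audit and file-integrity data. The following is an added example, not part of the sandbox report, that scans log lines for this sample's C2 hosts, URL and port, its file hashes, and the syscalls by which a Linux process loads a kernel module (init_module, finit_module) or writes another process's memory (ptrace, process_vm_writev). The log lines and the key=value formats are constructed for the demo; real sources need their own parsing, and audit records only carry syscall names when printed in interpreted form.

```python
"""Added example: hunt this sample's network and host indicators across log
lines. Indicators come from the report; log formats are constructed."""
import re

# Network indicators from the extracted config
C2_HOSTS = sorted({"www.gzcfr5axf6.com", "bbb.wordpressau.com"})
C2_URL = "http://www.gzcfr5axf6.com/config.rar"
C2_PORT = 3006

# File hashes from the report (MD5, SHA1, SHA256)
FILE_HASHES = {
    "c1ec720ad4e847ff37bfdcebbe5b30df",
    "30fd7c4761351e2c81dfe79ca26b661014f3b64f",
    "f8a2c1ff8d2a8f29181c8d3dd22fce6770522c5453efee8ec1ecd3ba0e54407f",
}

# Syscalls behind the two behavioural signatures. ASSUMPTION: the audit source
# prints syscall names (interpreted output); raw records carry numbers instead.
MODULE_SYSCALLS = {"init_module", "finit_module"}
REMOTE_WRITE_SYSCALLS = {"ptrace", "process_vm_writev"}

HEX_RE = re.compile(r"\b(?:[0-9a-f]{64}|[0-9a-f]{40}|[0-9a-f]{32})\b")
PORT_RE = re.compile(r"(?:dport|dst_port|dpt)[=:](\d+)")
SYSCALL_RE = re.compile(r"syscall=([a-z_0-9]+)")


def classify(line: str) -> list:
    """Return (indicator_type, value) pairs found in one log line."""
    hits = []
    low = line.lower()
    for host in C2_HOSTS:
        if host in low:
            hits.append(("c2_host", host))
    if C2_URL in low:
        hits.append(("c2_url", C2_URL))
    m = PORT_RE.search(low)
    if m and int(m.group(1)) == C2_PORT:
        hits.append(("c2_port", m.group(1)))  # weak on its own; corroborate
    for h in HEX_RE.findall(low):
        if h in FILE_HASHES:
            hits.append(("file_hash", h))
    m = SYSCALL_RE.search(low)
    if m and m.group(1) in MODULE_SYSCALLS:
        hits.append(("kernel_module_load", m.group(1)))
    if m and m.group(1) in REMOTE_WRITE_SYSCALLS:
        hits.append(("remote_process_write", m.group(1)))
    return hits


def scan(lines) -> list:
    """Return (line_number, line, hits) for every line with at least one hit."""
    results = []
    for n, line in enumerate(lines, 1):
        hits = classify(line)
        if hits:
            results.append((n, line, hits))
    return results


# Constructed sample log: timestamps, client addresses and paths are made up.
SAMPLE_LOG = """\
2024-08-26T00:00:01Z dns client=10.0.0.5 query=www.gzcfr5axf6.com type=A
2024-08-26T00:00:02Z proxy client=10.0.0.5 method=GET url=http://www.gzcfr5axf6.com/config.rar status=200
2024-08-26T00:00:03Z proxy client=10.0.0.5 method=CONNECT host=bbb.wordpressau.com dport=3006
2024-08-26T00:00:04Z dns client=10.0.0.7 query=www.example.com type=A
type=SYSCALL msg=audit(1724630404.001:77): arch=x86_64 syscall=finit_module success=yes exe=/tmp/dropped.bin
type=SYSCALL msg=audit(1724630405.002:78): arch=x86_64 syscall=openat success=yes exe=/usr/bin/cat
fim sha256=f8a2c1ff8d2a8f29181c8d3dd22fce6770522c5453efee8ec1ecd3ba0e54407f path=/tmp/dropped.bin
"""

if __name__ == "__main__":
    for n, line, hits in scan(SAMPLE_LOG.splitlines()):
        print(n, hits)
```

The port match is deliberately reported as its own weak indicator: 3006 is not unusual on its own, so treat it as corroboration for a host or hash hit rather than as an alert by itself.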
