General
- Target: 1fb8a9dcce0ccb9486ba6de6a28f585d
- Size: 548KB
- Sample: 240826-qry8qswcqe
- MD5: 1fb8a9dcce0ccb9486ba6de6a28f585d
- SHA1: 44ff4db7684acadd452028b0122bc6b9312832ca
- SHA256: 79dd2cc0a3c70fa185e1c3259ed8696354bc1c5d1c64b24f0e656c8d45e09bbb
- SHA512: 515f1c6f102c327ebe46ee0e3f692b89e03d66a0ba299f493fd53fb0b1c0b2d0e2a4bb6cdbe5714960776abd472cbec6efd85546d4cd0e126387f771652d550d
- SSDEEP: 12288:vPTJS+naeW9kclFEcMWbHdxZ7GkR2fh/6y9P/Yr:nTJfrW99q4bHdxZ7G1fhFq
Behavioral task
- behavioral1
- Sample: 1fb8a9dcce0ccb9486ba6de6a28f585d
- Resource: ubuntu2204-amd64-20240611-en
Malware Config
Extracted
- xorddos
- http://full.dsaj2a.org/b/u.php
- v8602.xffer.pw:60002
- crc_polynomial: EDB88320
Targets
- Target: 1fb8a9dcce0ccb9486ba6de6a28f585d (548KB; MD5, SHA1, SHA256, SHA512 and SSDEEP as listed under General)
Score: 10/10
- XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- XorDDoS payload
- Executes dropped EXE
- Unexpected DNS network traffic destination: Network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Creates/modifies Cron job: Cron allows running tasks on a schedule and is commonly used for malware persistence.
- Write file to user bin folder
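The four behavioural signatures above (dropped-file execution, DNS-port traffic to non-configured resolvers, cron modification, writes into a system bin directory) are straightforward to express as checks over a process-tree event log. The following is an added example, not the sandbox's own detection code: it implements those checks over a constructed, in-memory event list. The event schema (kind, path, dst, dport), the resolver address, the cron and bin-directory prefix lists, and every path and address in SAMPLE_EVENTS are assumptions chosen for illustration, not artefacts of this sample.

```python
# Added example (not the sandbox's detection logic). Field names, prefixes,
# addresses and paths below are assumptions for illustration only.

CONFIGURED_DNS = {"8.8.8.8"}  # assumed resolvers handed to the analysis VM
CRON_PREFIXES = ("/etc/crontab", "/etc/cron.", "/var/spool/cron/")
BIN_PREFIXES = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/usr/local/bin/")

# Constructed event log in execution order; not captured from a real run.
SAMPLE_EVENTS = [
    {"kind": "file_write", "path": "/usr/bin/abcdefghij"},
    {"kind": "exec", "path": "/usr/bin/abcdefghij"},
    {"kind": "file_write", "path": "/etc/cron.hourly/dropped.sh"},
    {"kind": "net", "proto": "udp", "dst": "8.8.8.8", "dport": 53},
    {"kind": "net", "proto": "udp", "dst": "198.51.100.7", "dport": 53},
    {"kind": "net", "proto": "tcp", "dst": "203.0.113.9", "dport": 60002},
    {"kind": "exec", "path": "/bin/sh"},
]


def unexpected_dns_destinations(events, configured=CONFIGURED_DNS):
    """Port-53 traffic (any protocol) to a host that is not a configured resolver."""
    return sorted({e["dst"] for e in events
                   if e["kind"] == "net" and e["dport"] == 53
                   and e["dst"] not in configured})


def cron_modifications(events):
    """Writes to crontab, /etc/cron.* directories or per-user spool files."""
    return [e["path"] for e in events
            if e["kind"] == "file_write" and e["path"].startswith(CRON_PREFIXES)]


def user_bin_writes(events):
    """Writes into directories on the default executable search path."""
    return [e["path"] for e in events
            if e["kind"] == "file_write" and e["path"].startswith(BIN_PREFIXES)]


def executed_dropped_files(events):
    """An exec of a path that an earlier event in the same log wrote.

    Order matters: the write must precede the exec, so the log is walked once
    while tracking the set of paths dropped so far.
    """
    dropped, hits = set(), []
    for e in events:
        if e["kind"] == "file_write":
            dropped.add(e["path"])
        elif e["kind"] == "exec" and e["path"] in dropped and e["path"] not in hits:
            hits.append(e["path"])
    return hits


def run_signatures(events):
    """Map each triggered signature name to the evidence that fired it."""
    checks = {
        "Executes dropped EXE": executed_dropped_files,
        "Unexpected DNS network traffic destination": unexpected_dns_destinations,
        "Creates/modifies Cron job": cron_modifications,
        "Write file to user bin folder": user_bin_writes,
    }
    return {name: hits for name, fn in checks.items() if (hits := fn(events))}


if __name__ == "__main__":
    for name, evidence in run_signatures(SAMPLE_EVENTS).items():
        print(f"{name}: {evidence}")
```

The DNS check deliberately keys on the destination port rather than on the protocol or on whether the payload parses as DNS, because the point of the signature is traffic that reaches non-resolver hosts on port 53 at all; the configured-resolver allow-list is what keeps the VM's own lookups from firing it.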