General
-
Target
c3b424c0978555704a2395c2664ae673_JaffaCakes118
-
Size
611KB
-
Sample
240826-yf5kdasbqb
-
MD5
c3b424c0978555704a2395c2664ae673
-
SHA1
12aabee68e17990ed63d23e9399de7755b326649
-
SHA256
0636d8749ecb285c293dc533c9b7690ba17ac7902488bf39164129a12d54c1c3
-
SHA512
1d027ffcfedafb8d4877ef534acab607cf3fc75a066fa8b0148a95836252a5c8a46ef232c8266de93094b4f5558b47ae3a3c0a069c86e639ac7cff3e257bdac7
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91h
Behavioral task
behavioral1
Sample
c3b424c0978555704a2395c2664ae673_JaffaCakes118
Resource
ubuntu2204-amd64-20240522.1-en
Malware Config
Extracted
xorddos
http://aaa.dsaj2a.org/config.rar
ww.dnstells.com:21
ww.gzcfr5axf6.com:21
ww.gzcfr5axf7.com:21
-
crc_polynomial
EDB88320
Targets
-
-
Target
c3b424c0978555704a2395c2664ae673_JaffaCakes118
-
Size
611KB
-
MD5
c3b424c0978555704a2395c2664ae673
-
SHA1
12aabee68e17990ed63d23e9399de7755b326649
-
SHA256
0636d8749ecb285c293dc533c9b7690ba17ac7902488bf39164129a12d54c1c3
-
SHA512
1d027ffcfedafb8d4877ef534acab607cf3fc75a066fa8b0148a95836252a5c8a46ef232c8266de93094b4f5558b47ae3a3c0a069c86e639ac7cff3e257bdac7
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrrT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNrBVEBl/91h
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Hijack Execution Flow
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Hijack Execution Flow
1Scheduled Task/Job
1