General
-
Target
c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118
-
Size
647KB
-
Sample
240826-z43w5axcrq
-
MD5
c3d4fd9da983ecf49d0c803dcd52a43e
-
SHA1
0fc668f691e18a0a63b21646fa9141e686a859de
-
SHA256
c880a315a26033b2117bf4e99630c099e98767a453ae14eac00f16b9846e372a
-
SHA512
1b728fd203fac287e7cd549baf40a342b4536a6ec9cd56a2bdba0f66ae4cd7a2c248da874e7818c58f5c903086e924963345e4e88d5facb2be204cc0d535f660
-
SSDEEP
12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Ton/p6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1m/6wvnDWXMN
Behavioral task
behavioral1
Sample
c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118
Resource
ubuntu2404-amd64-20240523-en
Malware Config
Extracted
xorddos
http://info1.3000uc.com/b/u.php
linux.bc5j.com:2897
180.97.215.134:2897
-
crc_polynomial
EDB88320
Targets
-
Target
c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118
-
Score
10/10
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Writes memory of remote process
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-