General

  • Target: c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118
  • Size: 647KB
  • Sample: 240826-z43w5axcrq
  • MD5: c3d4fd9da983ecf49d0c803dcd52a43e
  • SHA1: 0fc668f691e18a0a63b21646fa9141e686a859de
  • SHA256: c880a315a26033b2117bf4e99630c099e98767a453ae14eac00f16b9846e372a
  • SHA512: 1b728fd203fac287e7cd549baf40a342b4536a6ec9cd56a2bdba0f66ae4cd7a2c248da874e7818c58f5c903086e924963345e4e88d5facb2be204cc0d535f660
  • SSDEEP: 12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Ton/p6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1m/6wvnDWXMN

Malware Config

Extracted

  • Family: xorddos
  • C2:
    http://info1.3000uc.com/b/u.php
    linux.bc5j.com:2897
    180.97.215.134:2897
  • Attributes
    • crc_polynomial: EDB88320

xor.plain

Targets

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

MITRE ATT&CK Matrix

Tasks