Analysis
-
max time kernel
149s -
max time network
152s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system -
submitted
26-08-2024 21:17
Behavioral task
behavioral1
Sample
c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118
Resource
ubuntu2404-amd64-20240523-en
ubuntu-24.04-amd64
General
-
Target
c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118
-
Size
647KB
-
MD5
c3d4fd9da983ecf49d0c803dcd52a43e
-
SHA1
0fc668f691e18a0a63b21646fa9141e686a859de
-
SHA256
c880a315a26033b2117bf4e99630c099e98767a453ae14eac00f16b9846e372a
-
SHA512
1b728fd203fac287e7cd549baf40a342b4536a6ec9cd56a2bdba0f66ae4cd7a2c248da874e7818c58f5c903086e924963345e4e88d5facb2be204cc0d535f660
-
SSDEEP
12288:RBRO1UmJJ0nHgBL9YfJip2qm+x4h1Ton/p6y07l7mtBDvnD/u9hMHDB:RBRpmJ+HyL9AiAqm+x4h1m/6wvnDWXMN
Malware Config
Extracted
xorddos
http://info1.3000uc.com/b/u.php
linux.bc5j.com:2897
180.97.215.134:2897
-
crc_polynomial
EDB88320
Signatures
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload 1 IoCs
resource yara_rule behavioral1/files/fstream-1.dat family_xorddos -
Writes memory of remote process 2 IoCs
pid Process 2860 c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118 2888 Process not Found -
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
pid Process 2860 c3d4fd9da983ecf49d0c803dcd52a43e_JaffaCakes118 2861 Process not Found 2874 Process not Found 2876 Process not Found 2881 Process not Found 2876 Process not Found 2888 Process not Found 2890 Process not Found 2876 Process not Found 2893 Process not Found 2894 Process not Found 2888 Process not Found 2861 Process not Found 2876 Process not Found 2876 Process not Found 2894 Process not Found 2894 Process not Found 2888 Process not Found 2888 Process not Found 2894 Process not Found 2894 Process not Found 2888 Process not Found 2888 Process not Found 2894 Process not Found 2894 Process not Found 2888 Process not Found 2894 Process not Found 2894 Process not Found 2888 Process not Found 2876 Process not Found 2876 Process not Found 2896 Process not Found 2894 Process not Found 2894 Process not Found 2897 Process not Found 2888 Process not Found 2888 Process not Found 2876 Process not Found 2876 Process not Found 2894 Process not Found 2897 Process not Found 2897 Process not Found 2888 Process not Found 2888 Process not Found 2897 Process not Found 2897 Process not Found 2888 Process not Found 2897 Process not Found 2897 Process not Found 2888 Process not Found 2897 Process not Found 2897 Process not Found 2888 Process not Found 2888 Process not Found 2876 Process not Found 2876 Process not Found 2897 Process not Found 2897 Process not Found 2899 Process not Found 2900 Process not Found 2888 Process not Found 2888 Process not Found 2876 Process not Found 2876 Process not Found -
Unexpected DNS network traffic destination 54 IoCs
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
description ioc Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114 Destination IP 114.114.114.114
Processes
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
223B
MD5b791b087b1795e3674a9aa765c76fc04
SHA1b53f478234ae97f3cdbf2e7fe7ec68d687feb7c1
SHA2561c1e9b69cf8021bf7ce1f60dcaa2d31c1e21ed4b6e474f3571da81ffd5a9b69e
SHA5122dcc2e478c51cf8118306fd5c744aad7147e368cbc4329db1cc5fac52088a7f3354079ae2b582b270495789e4fb4591538ec88bb5ea40eec646f360bac33bbb2
-
Filesize
32B
MD5695c8e0d8d49337fb2764b56374104a0
SHA1cf23e61bba71c608c9e75f6fe7026b263e9bf34f
SHA256e712856071e4bb673f68090a8002a4eefa6e44c0e4c57dfbddb6790e38922f88
SHA5122ee344a7f0c727fa14b3a0f2e12e267a250eb1f4d9032e7dc403b11b7d34e8c3996f9d978f69290adf2b88f168f024df5e07b30fee92c42b29e9585666a2c464
-
Filesize
647KB
MD5c3d4fd9da983ecf49d0c803dcd52a43e
SHA10fc668f691e18a0a63b21646fa9141e686a859de
SHA256c880a315a26033b2117bf4e99630c099e98767a453ae14eac00f16b9846e372a
SHA5121b728fd203fac287e7cd549baf40a342b4536a6ec9cd56a2bdba0f66ae4cd7a2c248da874e7818c58f5c903086e924963345e4e88d5facb2be204cc0d535f660