General
-
Target
caeeadeea0762565473ac39681101c29_JaffaCakes118
-
Size
611KB
-
Sample
240830-qpparaxdpq
-
MD5
caeeadeea0762565473ac39681101c29
-
SHA1
1f7aad5e0e5996ed5c6634d08066df13b7e01440
-
SHA256
94b59b4761147519fecf662cecba7219ac2f70682ae02685081a181758cb705f
-
SHA512
3c0a150894fc8a84a2b4ccaaa935fcfc74f07b16626f1ca82b34f743d5ee77bae2e4143b132721648275c4c3e7e5ac27687da16d25607d7ff3cab3ad1b1d74a4
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrIT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNIBVEBl/91h
Behavioral task
behavioral1
Sample
caeeadeea0762565473ac39681101c29_JaffaCakes118
Resource
ubuntu2204-amd64-20240522.1-en
Malware Config
Extracted
xorddos
http://aaa.dsaj2a.org/config.rar
ww.dnstells.com:53
ww.gzcfr5axf6.com:53
ww.gzcfr5axf7.com:53
-
crc_polynomial
EDB88320
Targets
-
-
Target
caeeadeea0762565473ac39681101c29_JaffaCakes118
-
Size
611KB
-
MD5
caeeadeea0762565473ac39681101c29
-
SHA1
1f7aad5e0e5996ed5c6634d08066df13b7e01440
-
SHA256
94b59b4761147519fecf662cecba7219ac2f70682ae02685081a181758cb705f
-
SHA512
3c0a150894fc8a84a2b4ccaaa935fcfc74f07b16626f1ca82b34f743d5ee77bae2e4143b132721648275c4c3e7e5ac27687da16d25607d7ff3cab3ad1b1d74a4
-
SSDEEP
12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrIT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNIBVEBl/91h
Score10/10-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Hijack Execution Flow
1Scheduled Task/Job
1Privilege Escalation
Boot or Logon Autostart Execution
1Hijack Execution Flow
1Scheduled Task/Job
1