General
-
Target
3059449.bin
-
Size
535KB
-
Sample
240904-w4zmxsvbpm
-
MD5
6147e779a72c49be7d1954ecd328c571
-
SHA1
3f1d936fb22225d2dea85bd926f28430c811e4c6
-
SHA256
d360716cab46152dedb9c0b7179d1dc36fc8040be312cf62f76229d1d3145bd7
-
SHA512
69d2cf66c9ff304cb879c69debe589b304f855bfdc78fe11421e75d4aeb808362101e91afca4ddf158aeed392ec92fb194b68b3b941c9737f981e6bf790b03e1
-
SSDEEP
12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzu66ySjQn36Eoj:/fUywKQ7Fb1pNL/p5ufjQn36Eu
Behavioral task
behavioral1
Sample
3059449.bin
Resource
ubuntu2204-amd64-20240522.1-en
Malware Config
Extracted
xorddos
https://ww.aass654.com/config.rar
gg.aass654.com:1523
gg.xxcc789.com:1523
gg.vvbb321.com:1523
gg.jjkk567.com:1523
gg.nnmm234.com:1523
-
crc_polynomial
EDB88320
Targets
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Scheduled Task/Job (1)
Cron (1)