General
Target: cfde10b9d5468ee167d578bbfe93a0dc_JaffaCakes118
Size: 596KB
Sample: 240906-s1k4kstgkn
MD5: cfde10b9d5468ee167d578bbfe93a0dc
SHA1: 61646e20beb7f816cea1713f92f1d1da92450e8e
SHA256: a7eb1d26c8069a933254341be5b5ebf61818d08d0867d64d48890e0ba80cff87
SHA512: 0faec1f88a4263c72dc87ce14c31e32ec9f353b27d944a32e0849e4015d7e0d50023ddc122673cd3b12d8614e7a53b49c5cf87758990c21a7e6e8b6d8a8a4596
SSDEEP: 12288:bfTGy+n69+5rTlFEcMWbHvx5SGEuWdiF6yxm9Ah7Dxu9hc7L:rTG/0+5dq4bHvx5SGodiLTD4XcP
Behavioral task: behavioral1
Sample: cfde10b9d5468ee167d578bbfe93a0dc_JaffaCakes118
Resource: ubuntu2204-amd64-20240729-en
Malware Config
Extracted: xorddos
  http://info1.3000uc.com/b/u.php
  gh.dsaj2a1.org:2879
  iosapp622.ddns.net:2879
  173.247.233.62:2879
crc_polynomial: EDB88320
Targets
Target: cfde10b9d5468ee167d578bbfe93a0dc_JaffaCakes118
XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Executes dropped EXE
Unexpected DNS network traffic destination: Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder
MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution (1)
  Boot or Logon Initialization Scripts (1)
    RC Scripts (1)
  Scheduled Task/Job (1)
    Cron (1)