General
Target: a1da9b563db9056c96523a8727a279e3
Size: 603KB
Sample: 240909-x2vfvsxdmc
MD5: a1da9b563db9056c96523a8727a279e3
SHA1: 264124d50c9c25cea15459acb662b750bd7987c5
SHA256: f5b098419bdcd2aee198c074b895e113fb7cac9132ad1b592005d31f1394ad3f
SHA512: 1418a5fc3fd23a0b10533a60ab76cfd71cd0894c0bf8fdc859fdc27a3673a4f5fc63320ab4e0aab81eefeaba933266933a74e60021a3985bb5dbe8ca90a93aaf
SSDEEP: 12288:R40XBrnlTCbI5ZBP5IePtqLn4yFeC+oT6ygF9b4elMuThmVF:e01tCbqNNPtqLn4yFmoEbdlH9mn
Behavioral task
behavioral1
Sample: a1da9b563db9056c96523a8727a279e3
Resource: ubuntu1804-amd64-20240508-en
Malware Config
Extracted
xorddos
http://info1.3000uc.com/b/u.php
gh.dsaj2a1.org:2857
navert0p.com:2857
wangzongfacai.com:2857
crc_polynomial: EDB88320
Targets
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Executes dropped EXE
Unexpected DNS network traffic destination
Network traffic to other servers than the configured DNS servers was detected on the DNS port.
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Write file to user bin folder
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Scheduled Task/Job (1)
Cron (1)