General
-
Target
75bfd448e4274cc4e5804c43768f62a36ccb3fc3b1df06e14d9c892daa2cde19.elf
-
Size
535KB
-
Sample
241125-xgf3qsxman
-
MD5
694a672878a1f7945c020a0a3ca74367
-
SHA1
148caeaa8ac7fdf46d48fc2d1d0020d1bf41d442
-
SHA256
75bfd448e4274cc4e5804c43768f62a36ccb3fc3b1df06e14d9c892daa2cde19
-
SHA512
a239845b91d64b8559192e4683e2faa16ad0c8987bfc142cf692f620bd5fefa0d8d0bbe2e7f5f59651435eec4350e3574171d33e7cd4656136b539bccd00fb60
-
SSDEEP
12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36Eoj:/fUywKQ7Fb1pNL/p5PfjQn36Eu
Behavioral task
behavioral1
Sample
75bfd448e4274cc4e5804c43768f62a36ccb3fc3b1df06e14d9c892daa2cde19.elf
Resource
ubuntu2004-amd64-20240508-en
Malware Config
Extracted
xorddos
-
crc_polynomial
EDB88320
Targets
Target
75bfd448e4274cc4e5804c43768f62a36ccb3fc3b1df06e14d9c892daa2cde19.elf
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Xorddos family
-
Executes dropped EXE
-
Reads EFI boot settings
Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Pre-OS Boot: 1
Bootkit: 1
Scheduled Task/Job: 1
Cron: 1
-
Privilege Escalation
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Scheduled Task/Job: 1
Cron: 1
-
Defense Evasion
Pre-OS Boot: 1
Bootkit: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1