xorddos | 86e1697603be6fda3f01b976e320d3965e3252631b0798ae24bdcc555d1f36b7 | Triage

Submit
Reports

Overview

overview

Static

static

beujewgbbg

ubuntu-24.04-amd64

Sharing

General

Target

beujewgbbg
Size

535KB
Sample

250211-jkjfdazpbn
MD5

612f2688db8091e3d3cba6e3e49faa32
SHA1

b6109442295c0113813541bd6fa6c1a9f89a9f81
SHA256

86e1697603be6fda3f01b976e320d3965e3252631b0798ae24bdcc555d1f36b7
SHA512

bd0e083b05b6f418c922e5308a20aeb69194c0655e1354b698b1fdabab5fcca3a2d5e279680b4ca1dc476f869765e1c62f722e54cae395baad86dbcc8f9ce81a
SSDEEP

12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36EojX:/fUywKQ7Fb1pNL/p5PfjQn36EuX

Score

10^/10

xorddos botnet discovery downloader execution linux persistence privilege_escalation rootkit

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

beujewgbbg

Resource

ubuntu2404-amd64-20240523-en

xorddos botnet discovery downloader execution persistence privilege_escalation rootkit

ubuntu-24.04-amd64

7 signatures

150 seconds

Malware Config

Extracted

Family

xorddos

C2

https://ww.aass654.com/config.rar

ee.aass654.com:1520

ee.xxcc789.com:1520

ee.vvbb321.com:1520

ee.jjkk567.com:1520

ee.nnmm234.com:1520

Attributes

crc_polynomial
EDB88320

xor.plain

Targets

- Target
  
  beujewgbbg
- Size
  
  535KB
- MD5
  
  612f2688db8091e3d3cba6e3e49faa32
- SHA1
  
  b6109442295c0113813541bd6fa6c1a9f89a9f81
- SHA256
  
  86e1697603be6fda3f01b976e320d3965e3252631b0798ae24bdcc555d1f36b7
- SHA512
  
  bd0e083b05b6f418c922e5308a20aeb69194c0655e1354b698b1fdabab5fcca3a2d5e279680b4ca1dc476f869765e1c62f722e54cae395baad86dbcc8f9ce81a
- SSDEEP
  
  12288:4Ufrcn+vwK5ripVU4tdZ1pNL/pVbzP66ySjQn36EojX:/fUywKQ7Fb1pNL/p5PfjQn36EuX
Score

10^/10

xorddos botnet discovery downloader execution persistence privilege_escalation rootkit
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
  botnet downloader xorddos
- XorDDoS payload
- Xorddos family
  xorddos
- Writes memory of remote process
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  execution persistence privilege_escalation
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Cron

Persistence

Scheduled Task/Job

Cron

Privilege Escalation

Scheduled Task/Job

Cron

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xorddosbotnetdiscoverydownloaderexecutionpersistenceprivilege_escalationrootkit

© 2018-2025

Terms | Privacy