xorddos | 6ddf688bdf16a1d465aef954ff90b372dacd8162bac2c7797ff7b6b4f20afcbc | Triage

Submit
Reports

Overview

overview

Static

static

libudev.so

windows10-ltsc 2021-x64

Sharing

General

Target

libudev.so
Size

542KB
Sample

250227-swt6pa1tby
MD5

b51476351c030b45c982011e12be17d7
SHA1

9db5baba5f06bc3e6d5b78de1505eee915690148
SHA256

6ddf688bdf16a1d465aef954ff90b372dacd8162bac2c7797ff7b6b4f20afcbc
SHA512

6ee3c1cef54bf515ac07e6e0d2932e3eabe86dac80f546befff8d8a1f4de22b6dd95e91580306361dbc7af11bcfed6d421f739bc9b37e38665ef342007b0efe7
SSDEEP

12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXhLLp6yWrk3:VB2WCH/eMU9Uc8gd49N94BJXhLL4ru

Score

10^/10

xorddos botnet defense_evasion discovery downloader

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

libudev.so

Resource

win10ltsc2021-20250217-en

xorddos botnet defense_evasion discovery downloader

windows10-ltsc 2021-x64

23 signatures

900 seconds

Malware Config

Extracted

Family

xorddos

C2

http://ww.wowapplecar.com/config.rar

ee.vvbb321.com:1520

ee.jjkk567.com:1520

ee.nnmm234.com:1520

ee.aass654.com:1520

ee.xxcc789.com:1520

Attributes

crc_polynomial
EDB88320

xor.plain

Targets

- Target
  
  libudev.so
- Size
  
  542KB
- MD5
  
  b51476351c030b45c982011e12be17d7
- SHA1
  
  9db5baba5f06bc3e6d5b78de1505eee915690148
- SHA256
  
  6ddf688bdf16a1d465aef954ff90b372dacd8162bac2c7797ff7b6b4f20afcbc
- SHA512
  
  6ee3c1cef54bf515ac07e6e0d2932e3eabe86dac80f546befff8d8a1f4de22b6dd95e91580306361dbc7af11bcfed6d421f739bc9b37e38665ef342007b0efe7
- SSDEEP
  
  12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXhLLp6yWrk3:VB2WCH/eMU9Uc8gd49N94BJXhLL4ru
Score

10^/10

xorddos botnet defense_evasion discovery downloader
- XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
  botnet downloader xorddos
- XorDDoS payload
- Xorddos family
  xorddos
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Browser Information Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

xorddosbotnetdefense_evasiondiscoverydownloader

© 2018-2025

Terms | Privacy