Resubmissions

17/04/2025, 11:30

250417-nl5r8axmy8 10

17/04/2025, 10:58

250417-m2xwwasvfs 10

General

  • Target

    bin (2)

  • Size

    542KB

  • Sample

    250417-m2xwwasvfs

  • MD5

    f8d19572ff48420a101c685b87d0c099

  • SHA1

    4485c6260a530dbe5680ce8166e63142a93bb9b6

  • SHA256

    2f70458e2b77fba49697e3fbba8bea53e27e7ca010fd92ca3919b819d3aee160

  • SHA512

    4860b6e9dcc8789e22c02140e96992ba18f24ad5e1bb3cedda8960da52f786cbdbcf9f27035ac1925ae0eaad39706c42fe21b0acc20326852c5d9289c247dfa8

  • SSDEEP

    12288:VB2bw1CH/FwznbIU9sE8c8lqd49N94wT4JXGLLp6yWrk3:VB2WCH/eMU9Uc8gd49N94BJXGLL4ru

Malware Config

Extracted

Family

xorddos

C2

http://ww.wowapplecar.com/config.rar

hh.vvbb321.com:1525

hh.jjkk567.com:1525

hh.nnmm234.com:1525

hh.aass654.com:1525

hh.xxcc789.com:1525

Attributes

  • crc_polynomial

    EDB88320

  • xor.plain

Targets

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • XorDDoS payload

    • Xorddos family

    • Writes memory of remote process

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

MITRE ATT&CK Enterprise v16

Tasks