General
-
Target
265a38c6dee58f912ff82a4e7ce3a32b2a3216bffd8c971a7414432c5f66ef11
-
Size
610KB
-
Sample
250507-llr51ssps8
-
MD5
1ff3fdc6d3ee76b23fc8bd08fc022c4c
-
SHA1
79e7da08bd9454079ff1ad5091fd0d5afdadfb2b
-
SHA256
265a38c6dee58f912ff82a4e7ce3a32b2a3216bffd8c971a7414432c5f66ef11
-
SHA512
5cbf38a09436172ddf11ab5b6f49e89dd4d1cb28ce3724fd9bf9da7cce9aac7698d55eb266529c8d3fd15bb7126343954fbbf27f269772efea8a4f114c8cc664
-
SSDEEP
12288:WBmHsnhar0nJ7FGY5HRYxC1mqiL40qFCWU7k/lU6yZNnXgW4UlUuTh1AR:WBmHgaUVFGAR11mTL40q/fGpXgUl/91s
Behavioral task
behavioral1
Sample
265a38c6dee58f912ff82a4e7ce3a32b2a3216bffd8c971a7414432c5f66ef11
Resource
ubuntu2204-amd64-20250307-en
Malware Config
Extracted
xorddos
http://www1.gggatat456.com/dd.rar
g14.gggatat456.com:1430
x14.xxxatat456.com:1430
d14.dddgata789.com:1430
-
crc_polynomial
EDB88320
Targets
-
-
Target
265a38c6dee58f912ff82a4e7ce3a32b2a3216bffd8c971a7414432c5f66ef11
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Xorddos family
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Scheduled Task/Job: 1
Cron: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Scheduled Task/Job: 1
Cron: 1