General
Target: 21.elf
Size: 611KB
Sample: 250510-hktexawpx4
MD5: 89c8bf3e09d8179b979e08eff7b18aa1
SHA1: a05b92cbb69e1a68fab7034e7ff2beca572d6cc2
SHA256: ce47e4dfa397b69b82c7081d705d60b075e14143e942942a6d08ea1af09c12eb
SHA512: a7632defe5d5c4b7a1966e8f1083fcbb9c698291a4fea8282bfa75baccc1ca2889535b744d59a600de56e3ba5dc43225feadcdd7c8056cbfcfff990d5d0e8e0f
SSDEEP: 12288:FBXOvdwV1/n/dQFhWlH/c1dHo4h9L+zNZrrlT6yF8EEP4UlUuTh1AG:FBXmkN/+Fhu/Qo4h9L+zNNlBVEBl/91h
Behavioral task
behavioral1
Sample: 21.elf
Resource: ubuntu2204-amd64-20250307-en
Malware Config
Extracted
xorddos
http://aa.hostasa.org/config.rar
whois.checkokdomain.com:21
winrar.monstervp.com:21
-
crc_polynomial
EDB88320
Targets
-
-
Target
21.elf
-
XorDDoS
Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
-
XorDDoS payload
-
Xorddos family
-
Executes dropped EXE
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v16
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Scheduled Task/Job (1)
Cron (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Scheduled Task/Job (1)
Cron (1)