General
Target: 250512-1kzk2axye1.bin
Size: 549KB
Sample: 250512-1mgs1axygv
MD5: 527f82b2285ac2a6b2cfe3eb9712ebde
SHA1: e51a2bae220d494d1c9345dd314756c2141e3e91
SHA256: 52f74b25e1c3de023526ea8d8d3f93990523506dd3e5535cc53695092c1f982b
SHA512: 6e4ecff1e26e015e688176c5c8fb62f65a3e10429ef71cc59a4e4c91bde847027cea9e763d2042edecc89c8c8c3d3fa42f9a3bdcc8af6cd99d91561e5ace09ac
SSDEEP: 12288:VeRvuKqiVZ4En5drNK0pPEfJKlHZ8mG97Qxee6yzmx:VIv/qiVNHNDEfJKHZ8mG9QeeO
Behavioral task
behavioral1
Sample: 250512-1kzk2axye1.bin
Resource: ubuntu2204-amd64-20250307-en
Malware Config
Extracted
Family: xorddos
C2: whois.checkokdomain.com:112
C2: winrar.monstervp.com:112
URL: http://qq.com/lib.asp
crc_polynomial: CDB88320
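The indicators above (file hashes, two C2 hostnames, TCP port 112) are what a responder would sweep for. The following Python is an added example, not part of the report or of the sandbox's tooling: it hashes a local file against the report's digests and scans log lines for the C2 hosts or for any connection on the C2 port. The log layouts it recognises (dnsmasq queries, netfilter/UFW `DPT=` fields, `ip:port` pairs) and the sample lines are my assumptions and constructed data, not output from the sandbox run.

```python
import hashlib
import re
from pathlib import Path
from typing import Dict, Iterable, List, Tuple

# Indicators copied from the report above.
REPORT_HASHES: Dict[str, str] = {
    "md5": "527f82b2285ac2a6b2cfe3eb9712ebde",
    "sha1": "e51a2bae220d494d1c9345dd314756c2141e3e91",
    "sha256": "52f74b25e1c3de023526ea8d8d3f93990523506dd3e5535cc53695092c1f982b",
}
C2_HOSTS = {"whois.checkokdomain.com", "winrar.monstervp.com"}
C2_PORT = 112

# Destination-port shapes to look for; assumptions about log layout, not from the report.
_PORT_TOKENS = (
    re.compile(r"\d{1,3}(?:\.\d{1,3}){3}:(\d{1,5})\b"),  # "203.0.113.7:112"
    re.compile(r"\bDPT=(\d{1,5})\b"),                    # netfilter / UFW kernel log style
)


def digests(data: bytes) -> Dict[str, str]:
    """Compute the same three digests the report lists, for a local blob."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in REPORT_HASHES}


def match_hashes(found: Dict[str, str]) -> List[str]:
    """Names of the algorithms whose digest equals the report's value.

    Accepts a partial dict, so a SHA256-only hash list from an EDR export works too.
    """
    return sorted(alg for alg, want in REPORT_HASHES.items()
                  if found.get(alg, "").lower() == want)


def file_matches(path: str) -> List[str]:
    """Hash a file on disk and compare it against the report."""
    return match_hashes(digests(Path(path).read_bytes()))


def scan_log_lines(lines: Iterable[str]) -> List[Tuple[int, str, str]]:
    """Flag log lines naming a C2 host, or any connection on the C2 port.

    Returns (1-based line number, reason, line). A hostname hit is strong; a bare
    port-112 hit is weak (the report gives no resolved IPs), so confirm the peer
    before acting on it.
    """
    hits = []
    for n, line in enumerate(lines, 1):
        low = line.lower()
        host = next((h for h in C2_HOSTS if h in low), None)
        if host:
            hits.append((n, f"c2-host:{host}", line))
            continue
        ports = {int(p) for rx in _PORT_TOKENS for p in rx.findall(line)}
        if C2_PORT in ports:
            hits.append((n, f"port:{C2_PORT}", line))
    return hits


# Constructed sample lines (not from the report), in dnsmasq / UFW / conntrack shapes.
SAMPLE_LOG = [
    "May 12 10:01:02 host dnsmasq[812]: query[A] whois.checkokdomain.com from 10.0.0.5",
    "May 12 10:01:02 host dnsmasq[812]: query[A] archive.ubuntu.com from 10.0.0.5",
    "May 12 10:01:03 host kernel: [UFW ALLOW] IN= OUT=eth0 SRC=10.0.0.5 DST=203.0.113.7 PROTO=TCP SPT=41234 DPT=112",
    "May 12 10:01:04 host conntrack: tcp 10.0.0.5:41235 -> 203.0.113.7:112 ESTABLISHED",
    "May 12 10:01:05 host conntrack: tcp 10.0.0.5:41236 -> 93.184.216.34:443 ESTABLISHED",
]

if __name__ == "__main__":
    for n, reason, line in scan_log_lines(SAMPLE_LOG):
        print(f"{n:3} {reason:40} {line}")
```

Run against the constructed lines, the scan returns three hits: the DNS query for the first C2 host and the two port-112 connections; the Ubuntu mirror lookup and the HTTPS connection are left alone. The SSDEEP value in the report is not used here because fuzzy matching needs the `ssdeep` library and a corpus to compare against; the exact digests are enough for a first sweep.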
Targets
Target: 250512-1kzk2axye1.bin
XorDDoS
  Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
XorDDoS payload
Xorddos family
Deletes itself
Executes dropped EXE
Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Enumerates running processes
  Discovers information about currently running processes on the system.
Writes file to user bin folder
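The behaviours listed above (a self-deleting binary, a dropped executable, new cron entries, a file written under /usr/bin) each leave a host-side trace that can be checked without the sandbox. The Python below is an added example, not part of the report or of the sandbox's own detection logic. It lists running processes whose on-disk executable has been unlinked (the trace a self-deleting dropper leaves in `/proc/<pid>/exe`), parses crontab-format files for the commands they run, and asks `dpkg -S` which of those binaries, and which scripts in the cron and init.d directories, belong to no installed package. The Debian/Ubuntu package check matches the ubuntu2204 image used in the task; the crontab text and the placeholder file names are constructed, not artefacts observed in the run.

```python
import os
import re
import shutil
import subprocess
from typing import Iterable, List, Tuple

# Crontab-format files (five schedule fields, then a user column, then the command).
CRONTAB_FILES = ["/etc/crontab"]
CRONTAB_DIRS = ["/etc/cron.d"]
# Directories whose files are themselves executed (by run-parts or the init system).
SCRIPT_DIRS = ["/etc/cron.hourly", "/etc/cron.daily", "/etc/init.d"]


def deleted_exe_processes(exe_links: Iterable[Tuple[int, str]]) -> List[int]:
    """PIDs whose /proc/<pid>/exe target ends in ' (deleted)'.

    A dropper that unlinks its own file keeps running, but the kernel marks the
    exe symlink target as deleted; this is the cheapest check for "Deletes itself".
    """
    return sorted(pid for pid, target in exe_links if target.endswith(" (deleted)"))


def read_proc_exe_links(proc_root: str = "/proc") -> List[Tuple[int, str]]:
    """Read (pid, exe target) from a live /proc. Run as root to see every process."""
    links = []
    for entry in os.scandir(proc_root):
        if not entry.name.isdigit():
            continue
        try:
            links.append((int(entry.name), os.readlink(os.path.join(entry.path, "exe"))))
        except OSError:
            continue  # kernel thread, process exited mid-scan, or permission denied
    return links


def cron_commands(text: str, has_user_field: bool) -> List[str]:
    """Return the command part of every active line in a crontab.

    /etc/crontab and files in /etc/cron.d carry a user column (has_user_field=True);
    per-user crontabs do not. Comments, blank lines and NAME=value assignments are
    skipped; "@reboot"-style lines have one schedule field instead of five.
    """
    cmds = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or re.match(r"^[A-Za-z_]\w*=", line):
            continue
        skip = (1 if line.startswith("@") else 5) + (1 if has_user_field else 0)
        parts = line.split(None, skip)
        if len(parts) > skip:
            cmds.append(parts[skip])
    return cmds


def command_paths(cmds: Iterable[str]) -> List[str]:
    """First token of each command when it is an absolute path (the binary actually run)."""
    return [c.split()[0] for c in cmds if c.split() and c.split()[0].startswith("/")]


def unpackaged(paths: Iterable[str]) -> List[str]:
    """Paths that no installed Debian/Ubuntu package owns, per `dpkg -S`.

    A hit is a lead, not proof: locally built tools and dpkg diversions show up too.
    Returns an empty list on systems without dpkg.
    """
    if shutil.which("dpkg") is None:
        return []
    return [p for p in paths
            if subprocess.run(["dpkg", "-S", p], capture_output=True, text=True).returncode != 0]


def _files_in(directory: str) -> List[str]:
    if not os.path.isdir(directory):
        return []
    return sorted(os.path.join(directory, f) for f in os.listdir(directory))


# Constructed /etc/cron.d-style file (not from the report); placeholder names.
SAMPLE_CRON_D = """# constructed sample
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/bin
17 *\t* * *\troot\tcd / && run-parts --report /etc/cron.hourly
*/3 * * * * root /usr/bin/example-dropped-binary > /dev/null 2>&1
@reboot root /etc/init.d/example-rc-script start
"""

if __name__ == "__main__":
    print("processes with deleted binaries:", deleted_exe_processes(read_proc_exe_links()))
    candidates = []
    for path in CRONTAB_FILES + [f for d in CRONTAB_DIRS for f in _files_in(d)]:
        try:
            with open(path, encoding="utf-8", errors="replace") as fh:
                candidates += command_paths(cron_commands(fh.read(), has_user_field=True))
        except OSError:
            continue
    for d in SCRIPT_DIRS:
        candidates += _files_in(d)
    print("persistence entries owned by no package:", unpackaged(sorted(set(candidates))))
```

The two lists the script prints are starting points for triage rather than verdicts: a deleted-binary process can also be a service that was upgraded in place, and an unpackaged cron or init.d entry can be a locally installed tool. Pairing either with the C2 indicators in the configuration above turns a lead into a finding.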
MITRE ATT&CK Enterprise v16
Persistence
  Boot or Logon Autostart Execution (T1547): 1
  Boot or Logon Initialization Scripts (T1037): 1
    RC Scripts (T1037.004): 1
  Scheduled Task/Job (T1053): 1
    Cron (T1053.003): 1
Privilege Escalation
  Boot or Logon Autostart Execution (T1547): 1
  Boot or Logon Initialization Scripts (T1037): 1
    RC Scripts (T1037.004): 1
  Scheduled Task/Job (T1053): 1
    Cron (T1053.003): 1