Extracted

• • Target

    0081ba6e059dd38a8c0098e71031ec7b_JaffaCakes118

  • Size

    247KB

  • MD5

    0081ba6e059dd38a8c0098e71031ec7b

  • SHA1

    f3953141c60bca96eb305e99626876662d263f60

  • SHA256

    a4917c19543d244216ab440d355e4e87fe806d2dbf57892dd8f62c51804f371a

  • SHA512

    91673e9b3eee2a8c6690c8fa7b983cc92c9003e86d6cb673c5d58ab59d4e0752188bd188523417529c73a91955bf454979243e87ad1f0ad1b7d368952a048bdc

  • SSDEEP

    6144:nSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCPhhhR//mqYT:mZRgUY/fsJcO1KOiXOhhhBeT

  Score

  10^/10

  xorddosantivmbotnetdownloaderinfostealerpersistenceupx

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos

  • Executes dropped EXE

  • Reads EFI boot settings

    Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

    infostealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks CPU configuration

    Checks CPU information which indicate if the system is a virtual machine.

    antivm

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence

  • Write file to user bin folder

  behavioral1