Extracted

• • Target

    018f5f90bc3052d4d77fa8a627e1db2a_JaffaCakes118

  • Size

    247KB

  • MD5

    018f5f90bc3052d4d77fa8a627e1db2a

  • SHA1

    570c0414ea4b8bec35b7cb795b6d3e8c1dadf98f

  • SHA256

    22a21f11a94c0c614d87883b82f461e1a0ed4661d3fb91d9fd20f1cf54738541

  • SHA512

    a2c3300eab0c701397222f11ae78afdd1283f1f4a43a91bed53594f89da3f6106b9f14830527b6d8c92d5e1cfbd41ead58dc069adb3482fb4afe36e71a9a5b56

  • SSDEEP

    6144:nSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCPhhhR//mqYl:mZRgUY/fsJcO1KOiXOhhhBel

  Score

  10^/10

  xorddosantivmbotnetdownloaderinfostealerpersistenceupx

  • XorDDoS

    Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    botnetdownloaderxorddos

  • Executes dropped EXE

  • Reads EFI boot settings

    Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

    infostealer

  • UPX packed file

    Detects executables packed with UPX/modified UPX open source packer.

    upx

  • Unexpected DNS network traffic destination

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Checks CPU configuration

    Checks CPU information which indicate if the system is a virtual machine.

    antivm

  • Creates/modifies Cron job

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence

  • Modifies init.d

    Adds/modifies system service, likely for persistence.

    persistence

  • Write file to user bin folder

  behavioral1