General

  • Target

    1ddb277105336c2e66b4e244a8d3de80_JaffaCakes118

  • Size

    174KB

  • Sample

    240329-kv1cbaec88

  • MD5

    1ddb277105336c2e66b4e244a8d3de80

  • SHA1

    8ce635b50823c56a24ca91650e40520e25380dd2

  • SHA256

    5c674f17be00ef48980141e4549ca8d5e6887503b428993cdaf831a0ee9ba966

  • SHA512

    e27c5d545a12b10afe634cb4b5ce9c8671cf2644ca074e2537892d5221f5e8ff2f33443a9b41c62782d5546fd7d7bf4a20625e8466855007fd67ec885aa2052c

  • SSDEEP

    3072:Pe1ywfQgR7Ee5ZiI/naVa1w/O/N2B1dSWHqsX43mGnWmgcygSw2EZAi:PMEyjaVa8OwdSWHqvmGnWmgcygSw2EZB

Score
10/10

Targets

    • Target

      1ddb277105336c2e66b4e244a8d3de80_JaffaCakes118

    Score
    9/10
    • Contacts a large (71328) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
