General
- Target: 41a3a79180e513fc91608425b0e6c577_JaffaCakes118
- Size: 247KB
- Sample: 240330-w7b12abg6y
- MD5: 41a3a79180e513fc91608425b0e6c577
- SHA1: 696422c330d28538b6623f7f3efa8752b44e6924
- SHA256: 52ae63185e64d30c1f678752833a21d7e864369c8283aba88334c1e7b5ab5255
- SHA512: 354cf85f373fd5a81ee8e6d14084d744a71bbbf2f7353fad721dc88f96ae19b7370eee4f982f8bb7ac15eb4417cf2d3e315b4eb1959c1139ed0924e3c2e59e5f
- SSDEEP: 6144:gSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCyShhh3P/M9ts/mqYi:zZRgUY/fsJcO1KOiXuhhh89Cei
Behavioral task
- behavioral1
- Sample: 41a3a79180e513fc91608425b0e6c577_JaffaCakes118
- Resource: ubuntu2004-amd64-20240221-en
Malware Config
- Extracted: xorddos
- crc_polynomial: EDB88320
Targets
- XorDDoS: Botnet and downloader malware targeting Linux-based operating systems and IoT devices.
- Executes dropped EXE
- Reads EFI boot settings: Reads EFI boot settings from the efivars filesystem, which may contain security secrets or sensitive data.
- Unexpected DNS network traffic destination: Network traffic on the DNS port to servers other than the configured DNS servers was detected.
- Checks CPU configuration: Checks CPU information that indicates whether the system is a virtual machine.
- Creates/modifies Cron job: Cron allows running tasks on a schedule and is commonly used for malware persistence.
- Write file to user bin folder