General

  • Target

    41a3a79180e513fc91608425b0e6c577_JaffaCakes118

  • Size

    247KB

  • Sample

    240330-w7b12abg6y

  • MD5

    41a3a79180e513fc91608425b0e6c577

  • SHA1

    696422c330d28538b6623f7f3efa8752b44e6924

  • SHA256

    52ae63185e64d30c1f678752833a21d7e864369c8283aba88334c1e7b5ab5255

  • SHA512

    354cf85f373fd5a81ee8e6d14084d744a71bbbf2f7353fad721dc88f96ae19b7370eee4f982f8bb7ac15eb4417cf2d3e315b4eb1959c1139ed0924e3c2e59e5f

  • SSDEEP

    6144:gSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCyShhh3P/M9ts/mqYi:zZRgUY/fsJcO1KOiXuhhh89Cei

Malware Config

Extracted

Family

xorddos

Attributes
  • crc_polynomial

    EDB88320

Targets

    • Target

      41a3a79180e513fc91608425b0e6c577_JaffaCakes118

    • Size

      247KB

    • MD5

      41a3a79180e513fc91608425b0e6c577

    • SHA1

      696422c330d28538b6623f7f3efa8752b44e6924

    • SHA256

      52ae63185e64d30c1f678752833a21d7e864369c8283aba88334c1e7b5ab5255

    • SHA512

      354cf85f373fd5a81ee8e6d14084d744a71bbbf2f7353fad721dc88f96ae19b7370eee4f982f8bb7ac15eb4417cf2d3e315b4eb1959c1139ed0924e3c2e59e5f

    • SSDEEP

      6144:gSDFOrnwRgUbMisI6sdkH+M6hWOcy5KOZW7U6NCyShhh3P/M9ts/mqYi:zZRgUY/fsJcO1KOiXuhhh89Cei

    • XorDDoS

      Botnet and downloader malware targeting Linux-based operating systems and IoT devices.

    • Executes dropped EXE

    • Reads EFI boot settings

      Reads EFI boot settings from the efivars filesystem, may contain security secrets or sensitive data.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Unexpected DNS network traffic destination

      Network traffic to other servers than the configured DNS servers was detected on the DNS port.

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Write file to user bin folder

MITRE ATT&CK Enterprise v15

Tasks