General
Target: f92072637a0d5eede9213405cca50f48_JaffaCakes118
Size: 61KB
Sample: 240419-a3k79acf2z
MD5: f92072637a0d5eede9213405cca50f48
SHA1: c326fafaf0b92a501e99286f7ceb4a0313f97eae
SHA256: e958305ce1aba8b1314c35d65ce711e9336d55e1b445560adc053c4446a32d60
SHA512: 4d1ae93e239790a484785df89f662fa2b04accc89d79e6367ad7c84731b9b53badaa9afba4d0281dabcdc5d3a94c25f901b86e4dfaec1706cf63b5e8c4100afb
SSDEEP: 1536:8F2cc2/ndOQvL0KKBoLdAkKFOmm5air0TIe:8F2ccQGoL2v47ccyIe
Behavioral tasks
behavioral1: Sample f92072637a0d5eede9213405cca50f48_JaffaCakes118, Resource ubuntu1804-amd64-20240226-en
behavioral2: Sample f92072637a0d5eede9213405cca50f48_JaffaCakes118, Resource debian9-armhf-20240226-en
behavioral3: Sample f92072637a0d5eede9213405cca50f48_JaffaCakes118, Resource debian9-mipsbe-20240226-en
behavioral4: Sample f92072637a0d5eede9213405cca50f48_JaffaCakes118, Resource debian9-mipsel-20240226-en
Malware Config
Targets
Target: f92072637a0d5eede9213405cca50f48_JaffaCakes118
Score: 10/10
Signatures
- Changes its process name
- Deletes system logs: Deletes the log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
- Executes dropped EXE
- Flushes firewall rules: Flushes/disables firewall rules inside the Linux kernel.
- Writes DNS configuration: Writes data to the DNS resolver config file.
- Attempts to change immutable files: Modifies inode attributes on the filesystem to allow changing of immutable files.
- Checks CPU configuration: Checks CPU information which indicates whether the system is a virtual machine.
- Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Disables AppArmor: Disables the AppArmor security module.
- Disables SELinux: Disables the SELinux security module.
- Enumerates running processes: Discovers information about currently running processes on the system.
- Reads CPU attributes
- Writes file to user bin folder