General

  • Target

    5dd0958ec75fcf14d16d03b2ec7629d0_JaffaCakes118

  • Size

    1.3MB

  • Sample

    240520-h3yscahd32

  • MD5

    5dd0958ec75fcf14d16d03b2ec7629d0

  • SHA1

    b72c201d1fb3b239395b1136675760e3a7365111

  • SHA256

    bb6cb684d2845050828adef8e78e6a242ad595064bce60d675d2b240a4ebf87d

  • SHA512

    74bfda790e337735e33d7a1b633369f64cb3ba8df4280213f3d4f6a7cb9dbd73db3f77f305d34cf7868fd3da251a15f152dc7db89091ae8bcf475c1f72535ee4

  • SSDEEP

    24576:yCa8ARRfmnnphS5aczgzKJFVhtwyhOuaX92Io44FbUwaBN6c:ja8AHmnnS5acketwyhO/IE8bUV6c

Malware Config

Targets

    • Executes dropped EXE

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                                 Count  ID

  Persistence           Boot or Logon Autostart Execution           1    T1547
                        Hijack Execution Flow                       2    T1574

  Privilege Escalation  Boot or Logon Autostart Execution           1    T1547
                        Hijack Execution Flow                       2    T1574

  Defense Evasion       Hijack Execution Flow                       2    T1574
                        Virtualization/Sandbox Evasion              1    T1497

  Discovery             System Network Configuration Discovery      2    T1016
                        Virtualization/Sandbox Evasion              1    T1497
