Overview

overview

10

Static

static

1

adfd826827...kes118

ubuntu-18.04-amd64

10

adfd826827...kes118

debian-9-armhf

6

adfd826827...kes118

debian-9-mips

adfd826827...kes118

debian-9-mipsel

Sharing

Copy URL
Twitter E-mail

General

  • Target

    adfd82682720153deaf4016646e10ff4_JaffaCakes118

  • Size

    28KB

  • Sample

    240615-mg3lmaxbra

  • MD5

    adfd82682720153deaf4016646e10ff4

  • SHA1

    ca692f655cb6bc8cbdc7ac816b4554d851beaeaf

  • SHA256

    91ee347a4a272d947faba623570bc9c23963d0d2eed0011cd62af856b9800f22

  • SHA512

    2411c51fa4e7af9d5a4ed6ef3121da1885f0f23239eacd59102e55c1974c12cc3f7b6748af30aa79ec686e972614000da626708045e42ef784f3a9a17336d3c6

  • SSDEEP

    384:p7pQQwQHDf6jlpTWg3vMGQiKMvU/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeq:p7JVFNcD8FLcIwgiYq0xFBt65

Score
10/10
xmrig_linuxevasionlinuxminerrootkit

Malware Config

Targets

    • Target

      adfd82682720153deaf4016646e10ff4_JaffaCakes118

    • Size

      28KB

    • MD5

      adfd82682720153deaf4016646e10ff4

    • SHA1

      ca692f655cb6bc8cbdc7ac816b4554d851beaeaf

    • SHA256

      91ee347a4a272d947faba623570bc9c23963d0d2eed0011cd62af856b9800f22

    • SHA512

      2411c51fa4e7af9d5a4ed6ef3121da1885f0f23239eacd59102e55c1974c12cc3f7b6748af30aa79ec686e972614000da626708045e42ef784f3a9a17336d3c6

    • SSDEEP

      384:p7pQQwQHDf6jlpTWg3vMGQiKMvU/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeq:p7JVFNcD8FLcIwgiYq0xFBt65

    Score
    10/10
    xmrig_linuxevasionminerrootkit

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

      evasion

    • Flushes firewall rules

      Flushes/ disables firewall rules inside the Linux kernel.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Disables AppArmor

      Disables AppArmor security module.

    • Disables SELinux

      Disables SELinux security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Legitimate hosting services abused for malware hosting/C2

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks