Overview

overview

10

Static

static

10

.rsync/a/a

ubuntu-18.04-amd64

7

.rsync/a/a

debian-9-armhf

7

.rsync/a/a

debian-9-mips

7

.rsync/a/a

debian-9-mipsel

7

.rsync/a/anacron

ubuntu-22.04-amd64

6

.rsync/a/cron

ubuntu-22.04-amd64

1

.rsync/a/run

ubuntu-18.04-amd64

3

.rsync/a/run

debian-9-armhf

3

.rsync/a/run

debian-9-mips

3

.rsync/a/run

debian-9-mipsel

3

.rsync/a/stop

ubuntu-18.04-amd64

6

.rsync/a/stop

debian-9-armhf

6

.rsync/a/stop

debian-9-mips

6

.rsync/a/stop

debian-9-mipsel

6

.rsync/c/go

ubuntu-18.04-amd64

3

.rsync/c/go

debian-9-armhf

3

.rsync/c/go

debian-9-mips

3

.rsync/c/go

debian-9-mipsel

3

.rsync/c/golan

ubuntu-18.04-amd64

1

.rsync/c/golan

debian-9-armhf

1

.rsync/c/golan

debian-9-mips

1

.rsync/c/golan

debian-9-mipsel

1

.rsync/c/l...c.so.6

ubuntu-22.04-amd64

.rsync/c/l...l.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-22.04-amd64

1

.rsync/c/l...s.so.2

ubuntu-24.04-amd64

1

.rsync/c/l...d.so.0

ubuntu-24.04-amd64

.rsync/c/l....23.so

ubuntu-24.04-amd64

1

.rsync/c/l...v.so.2

ubuntu-24.04-amd64

1

.rsync/c/lib/32/tsm

ubuntu-24.04-amd64

1

.rsync/c/l...c.so.6

ubuntu-22.04-amd64

1

.rsync/c/l...l.so.2

ubuntu-24.04-amd64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1a316d0973bb4f80adeda96a9ff52198_JaffaCakes118

  • Size

    5.5MB

  • Sample

    240628-p5d92stcjl

  • MD5

    1a316d0973bb4f80adeda96a9ff52198

  • SHA1

    7b6856f40a43cc7ed5ee67fca884486ef85d791c

  • SHA256

    7a7bfa4f84e073d45b33ca6d4e5f263d31aa512d124bc6c682029f2b831c7c08

  • SHA512

    0e254c78bcf653f773581de5b2d7f71ebd721f9940973ee9a4c5b80a243ddd859141b03fc28d8b2dce0f98d3dde2fe1b74086d8d6fa90485be84b98d64c69d4e

  • SSDEEP

    98304:q13V3a0rqRIZ+wrvNoGRtKzIVLplxsVmHOx+IK4Wpi5WVHpC/tBYVZpaLEItyQ:q13V3HrqR4NlEzIJprsVmHUWkQJC4I

Score
10/10
xmrigantivmlinuxminerrootkit

Malware Config

Targets

    • Target

      .rsync/a/a

    • Size

      876B

    • MD5

      de5869436d84eee7b336fb5c51675290

    • SHA1

      4427d10cc48b92208b9d61b45f45b3156e884813

    • SHA256

      9d4fef06b12d18385f1c45dd4e37f031c6590b080ea5446ff7a5bac491daea50

    • SHA512

      f26bcbdcf7417308bdec3f3f8b6ef453d2b7417b16d015eeddfc447955068b48667554fd9a1b896ee9d44ac3c2cac54137fc455c45f94251f42e5e3a1e7b6230

    Score
    7/10
    antivmrootkit

    • Executes dropped EXE

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1behavioral2behavioral3behavioral4

    • Target

      .rsync/a/anacron

    • Size

      2.8MB

    • MD5

      8d5d71c56b1f807edac5ac734feab41a

    • SHA1

      ca2064303d74f5fec98d717f35cd8ee20e81b722

    • SHA256

      49da718733de850ddd7e871fee1d2f041508d28b9cfc58a822786151004a9c2c

    • SHA512

      514337791f6c2b71e9303899a6206f92eb905c780729008f3f754f256811332caa5d608662272a6eb3b1f3cf70d1ec528509bbe3f68c7960fc9df63c463fce3f

    • SSDEEP

      49152:m7rTifP8qyUnJ1jIYuOwxC7mQ595+T91hGtZ1:Irm38qyUnJ1jgx0B5evhG

    Score
    6/10
    antivm

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

    behavioral5

    • Target

      .rsync/a/cron

    • Size

      855KB

    • MD5

      44eb8a45f76008fb87cb9fff2c850f70

    • SHA1

      00c08a29e8477000f6fbfc5693ee7dbea0669743

    • SHA256

      f8625cb1ff23bb7155359cf462701fa6cda0b33728fd06f88d626b93646ec645

    • SHA512

      f5750e0f5829ad38a05864f0f1d3f24dab786d7386afd08b423ac7aa4481021465c2877bc03b9dbc352a3ced34d9f38b06009fdad337d36fbb840f8e044e9af8

    • SSDEEP

      24576:tRo40cWKu0K8rmdgCxlJWhabW/////////In6C1NdvKODyYGhiDC61N04EXBJDJG:10cWKu0K8CpxlJWhabW/////////In60

    Score
    1/10
    behavioral6

    • Target

      .rsync/a/run

    • Size

      215B

    • MD5

      5b63cdc5b5ceef5bde4a2f9672f68069

    • SHA1

      7491fe2657c4fa2a8d99fcd7a56e38624ff8b7fc

    • SHA256

      cf4aaf185449bb639ec7e7fab66583488c79526bff02c08154190c66c2cd31b3

    • SHA512

      e32275e3e15c824c854329401aaece0a0456535ecdb2b296df12ef18f31613cff183fbd4279331014bc332d42f1b8c54e97aecd9029ee70d240c2468851d4551

    Score
    3/10
    behavioral10behavioral7behavioral8behavioral9

    • Target

      .rsync/a/stop

    • Size

      114B

    • MD5

      b726837db1e4d3a05a4749fdc7a4f9d5

    • SHA1

      793d9bb347cdc6bf99a1a6eeff2a210a6f149734

    • SHA256

      ad46ee339c92694f3d8b072b74eec325e416bbbf305803345d6fc4e787832af6

    • SHA512

      ce24fcc586b0172409352020c07bb49069fa8ffe7e4fb9c3f350c6b2f02c5a997b83dfb6ce6ac35db168434c7f68d0cd95f1ab198d25f2ee6ab9b13067a7ecc4

    Score
    6/10

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral11behavioral12behavioral13behavioral14

    • Target

      .rsync/c/go

    • Size

      362B

    • MD5

      78cbdcbdbf2e61bee3fc793b3da935ae

    • SHA1

      44e3a92d0dc75a5bafa868a44249965b1c372f52

    • SHA256

      73b0e0ba690cd999f339186a5e503db21ae70ffa87505ff7bbdc5879b1ede7bf

    • SHA512

      ae8f90f0572f27fd78a49c964a44b4ca64a418eaad1296dbdc5b51d3532b2b12aea2a0a4b7d453dda7fb6220cfef485c9c551c1c093814f17c03c51a9c063f3e

    Score
    3/10
    behavioral15behavioral16behavioral17behavioral18

    • Target

      .rsync/c/golan

    • Size

      216B

    • MD5

      a2b73878d45f86fada36ccc042a0a44a

    • SHA1

      3d3ebc2acb64bb6e57f5d41d29f73522c69ee516

    • SHA256

      1cc9c6a2c0f2f41900c345b0216023ed51d4e782ed61ed5e39eb423fb2f1ddd8

    • SHA512

      b49f2bbc63b2e3dbcee251a01805609439c9524fa798b0c5c6636a49abdb3798bc1c9136f9887969d57faaed4237a92812533bfdd0509e94527572d020cc2005

    Score
    1/10
    behavioral19behavioral20behavioral21behavioral22

    • Target

      .rsync/c/lib/32/libc.so.6

    • Size

      1.7MB

    • MD5

      5efa4121a76c377005e2f75c65ead6c4

    • SHA1

      d113ad309edaa3902fb7a5ddb84236a4db651667

    • SHA256

      fab65ef05cd63c452a554a0c0808d3773be9fcc7e9a82ca36ae21c8f2db45454

    • SHA512

      6d639eceb6b50fdaa6da8e89a4de3febbe6011b862c03426703d94e4bc419af56ad457a8b1a8bc997157031b5db76e84b0f9e7d012e83c5430fdd29eec951b1b

    • SSDEEP

      49152:30K4/W3GBsqM/KW05skZzVIdhK6hNIhdUhTh0Vdwas9:30K4/gf/KWqZzVIPzhNIhdUhTh0j

    Score
    1/10
    behavioral23

    • Target

      .rsync/c/lib/32/libdl.so.2

    • Size

      13KB

    • MD5

      92f19f5b4b9e548f84167b66ee9a025c

    • SHA1

      e7055579bd464efed60f75d36afb6b2fb716e4e6

    • SHA256

      625ac196ce9304e9866091adbe3049f3d6db2d0ed19006a3f059f16c91842e8d

    • SHA512

      d240c3fe3df810b0bc8b121826445f08f2245746f40db20249cb6328c5ac20ae5ddec6221459256105482316c52072b5084750d45dddbe471b80eac7ff34c849

    • SSDEEP

      192:dRk8ptpli4NBX3DgyxD5gBe8wfCc40YnJITI9obKWWBqyPtWuLUYF1TnbJA+Hhbz:XJU4rz5xMjwf9Yn1KbJW44UEFwc9RMB

    Score
    1/10
    behavioral24

    • Target

      .rsync/c/lib/32/libnss_dns.so.2

    • Size

      21KB

    • MD5

      2060b911f9dea4868008a118a05c3b5c

    • SHA1

      2517c720af5bd9d2f8ae2f0ff4af719dea0897d7

    • SHA256

      6ececee805321cab411b8096c0278e3439345c7a908c827660b159f33721e52a

    • SHA512

      4e59c311cb36128c03d2d20015a1774ebd16c942529ed36a1c61a2927838982c41b577cb974e00f400c87c9ad1471e770d851882a0b08f65aae7736631baad65

    • SSDEEP

      384:sx7Mk94cggxdSzSBqYXcoA5C8AHbysQpKihroSUT6ZTSa3DGB/i7eX:sx7Mk95fXSz2+n5xZsQpN+GpGB/weX

    Score
    1/10
    behavioral25

    • Target

      .rsync/c/lib/32/libnss_files.so.2

    • Size

      45KB

    • MD5

      a29bf9d123163547c6da2fec9b5b966f

    • SHA1

      5e621e6c0a7f3c93eee63322b5ab463fc643528b

    • SHA256

      c9d9c6ba9e9c4f146b7b750964edbf19776833e7ad262bbf9c1b066e21b48726

    • SHA512

      ce7b18e2bad667cea6fdc7b5381a0b0dc8aa96754aa9de0f437cae035e94e167d9a866148b6635a1c2b0d75c8a20f31cc6bddfea3b039e8545170913da5485fd

    • SSDEEP

      768:SiYIe325+qpfTRuz5pGF6Lr/JeaBzjQa/KQAG8rfpsp8QFUETtr2S:S6e3251tuzvs6waBzsa/KQAV1uTtr

    Score
    1/10
    behavioral26

    • Target

      .rsync/c/lib/32/libpthread.so.0

    • Size

      131KB

    • MD5

      75e1a716e551baf6642bb528dc54827c

    • SHA1

      45bb73434f758614b05674448a1b75d4ea94e14a

    • SHA256

      36eb6ba6e40581345d15c98f6dce9a4be32318edac04ede7196e4b89aba80cdc

    • SHA512

      bc73c1d645f5f310741353f7af901b94114bb9e436a8895f471f4129a9a81bd341a7436b990a600dd6a2f4e8097b5043d13079f060e3c568a7cfabe522e13e1c

    • SSDEEP

      3072:l1rnbnfrlf0vAZ7/SSb56vHgewhhai9+4Xatqz:3bnfrlfWq739+4Xatqz

    Score
    1/10
    behavioral27

    • Target

      .rsync/c/lib/32/libresolv-2.23.so

    • Size

      85KB

    • MD5

      0bd2d88d9d55e8838b65b5730403801b

    • SHA1

      d88c527c44841898ce0a4bf27291313f77a2a27d

    • SHA256

      362e3db0b24bb14b98d6c1926afe52d6ef8b23804caca0d7b8ec05c73ae7d7d9

    • SHA512

      1c3f790b173ee3be055633f0f974a7f4edee4d51280fc81f576e6734131e119cd935b1164ff3eb1ef8f438203931cc8da45eb73a51ff3757e25c7e6b89b78bf8

    • SSDEEP

      1536:+c3QWGtAyDfhqO1yerjRxtXXPJIyIImIjgU/3FwGxi8y8BeL2r2Z/1/f:NMOCJQUjRzXXhIErVweBeLz1

    Score
    1/10
    behavioral28

    • Target

      .rsync/c/lib/32/libresolv.so.2

    • Size

      85KB

    • MD5

      0bd2d88d9d55e8838b65b5730403801b

    • SHA1

      d88c527c44841898ce0a4bf27291313f77a2a27d

    • SHA256

      362e3db0b24bb14b98d6c1926afe52d6ef8b23804caca0d7b8ec05c73ae7d7d9

    • SHA512

      1c3f790b173ee3be055633f0f974a7f4edee4d51280fc81f576e6734131e119cd935b1164ff3eb1ef8f438203931cc8da45eb73a51ff3757e25c7e6b89b78bf8

    • SSDEEP

      1536:+c3QWGtAyDfhqO1yerjRxtXXPJIyIImIjgU/3FwGxi8y8BeL2r2Z/1/f:NMOCJQUjRzXXhIErVweBeLz1

    Score
    1/10
    behavioral29

    • Target

      .rsync/c/lib/32/tsm

    • Size

      144KB

    • MD5

      24175a52f0df8a88a3160a4bd5a59d29

    • SHA1

      82c1c28a394bbeb48bbf85cec98f78ef5b6f49c7

    • SHA256

      ac2513b3d37de1e89547d12d4e05a899848847571a3b11b18db0075149e85dcc

    • SHA512

      1a70644bfe3a9d6c7d476df2d30ddb7975d7625987bc3141c19e872a5b1c46712cd30b62856611eb52b9f3bfa801812ebde96d2f5d5d9ee337e8b5b89d9a4495

    • SSDEEP

      3072:0eZtwoq+6Eccjcc2c8tmQVjFkyCJrAQzg6ubQ9:0utwoB6Eccj4cemQVFkJJrSb0

    Score
    1/10
    behavioral30

    • Target

      .rsync/c/lib/64/libc.so.6

    • Size

      1.8MB

    • MD5

      8c0d248ea33e6ef17b759fa5d81dda9e

    • SHA1

      238e834fc5baa8094f5db0cde465385917be4c6a

    • SHA256

      74ca69ada4429ae5fce87f7e3addb56f1b53964599e8526244fecd164b3c4b44

    • SHA512

      f6914058539222064556d16bec1d5e867da17a463910d9c723f9ff4b7f0c3a1bd71b67aa5770b8fccc94663f53879902ad2048cdf0be90c393e4bf369a8b4342

    • SSDEEP

      24576:oOj9DfWKJRe2Z6S+daAcf1vZXMlOREio7PmnL/NlXIrDq:3VWK75Z6hkAcf1vZXM8RvnxlXI/

    Score
    1/10
    behavioral31

    • Target

      .rsync/c/lib/64/libdl.so.2

    • Size

      14KB

    • MD5

      db97e3a3b19b8f3e8aeb1b059ed5416a

    • SHA1

      28a7e65de1602dbc4f7f03c4883c8937847cf674

    • SHA256

      29189e885d336c2b9ab94e54ca143db5d85fe41fd6aee8f999caba3ea995706e

    • SHA512

      86f6e6e1477a1e541408ecb04a06fcd08fc5e68fe9dd311b6be2b098ece4b4abdc8b39ffc0083b3d3b27fcca627917195c08c69516942691e179b100b76f3008

    • SSDEEP

      192:Rqom8ptBTZblY+D8r9SSuAaeRkmTDfuci8M:5/TZxrNA2mTjueM

    Score
    1/10
    behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

3
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

3
T1497

System Information Discovery

6
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

minerxmrig
Score
10/10

behavioral1

antivmrootkit
Score
7/10

behavioral2

antivm
Score
7/10

behavioral3

antivm
Score
7/10

behavioral4

antivm
Score
7/10

behavioral5

antivm
Score
6/10

behavioral6

Score
1/10

behavioral7

Score
3/10

behavioral8

Score
3/10

behavioral9

Score
3/10

behavioral10

Score
3/10

behavioral11

Score
6/10

behavioral12

Score
6/10

behavioral13

Score
6/10

behavioral14

Score
6/10

behavioral15

Score
3/10

behavioral16

Score
3/10

behavioral17

Score
3/10

behavioral18

Score
3/10

behavioral19

Score
1/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
1/10

behavioral27

Score
1/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10