General

  • Target

    3125209449028661388b81117a8b584a_JaffaCakes118

  • Size

    35KB

  • Sample

    240709-t34t5sshnn

  • MD5

    3125209449028661388b81117a8b584a

  • SHA1

    bd74537fdd6b4eb79c455e7091aa0200ed9d763d

  • SHA256

    be02387d21291f4caf1473fef60242f114b8fe3ce9415de2a0c43f031144cce1

  • SHA512

    2094e79601e6ef631b1dd8796e5f5e41578b13554d7c9c6645a9cb3c372d77f5ac7d6e8b9fd0640b4fc375a589f900d8185a1c55ef3bb843685f58fdce908740

  • SSDEEP

    384:BQQwQHDf6lpTWg3vM4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdUeUoJpJydIDbO:ZFNB48Fkc2zq0xvcGGIZrL8eG

Malware Config

Targets

    • Target

      3125209449028661388b81117a8b584a_JaffaCakes118


    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Adds new SSH keys

      Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Executes dropped EXE

    • Flushes firewall rules

      Flushes/disables firewall rules inside the Linux kernel.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Deletes log files

      Deletes log files on the system.

    • Disables AppArmor

      Disables AppArmor security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks