General

  • Target

    7980ffb3ad788b73397ce84b1aadf99b_JaffaCakes118

  • Size

    38KB

  • Sample

    240730-wps7la1gqk

  • MD5

    7980ffb3ad788b73397ce84b1aadf99b

  • SHA1

    5a72a4c4fc960458c2efaf37142b5f78eb99039f

  • SHA256

    84e502b8332b69daf009cd2e03ec372f2e037cd6477483f4d0cfa4779e21381d

  • SHA512

    e78c81a26c1ff2e10c323974f4d371bd21134d6471ae6e0669d2d18f42d4ac6daf2026094186c712acbd24f45917fba14f8577a4f6564324c039fcc449d1ae31

  • SSDEEP

    768:XadvhPGfQ+v/tqHOLkTT1ziJbaTfmKNj/qiq8TZ/aWCdSOuGe:OP2/tr6xUSfpNj7PKSBP

Malware Config

Targets

    • Target

      7980ffb3ad788b73397ce84b1aadf99b_JaffaCakes118

    • Size

      38KB

    • MD5

      7980ffb3ad788b73397ce84b1aadf99b

    • SHA1

      5a72a4c4fc960458c2efaf37142b5f78eb99039f

    • SHA256

      84e502b8332b69daf009cd2e03ec372f2e037cd6477483f4d0cfa4779e21381d

    • SHA512

      e78c81a26c1ff2e10c323974f4d371bd21134d6471ae6e0669d2d18f42d4ac6daf2026094186c712acbd24f45917fba14f8577a4f6564324c039fcc449d1ae31

    • SSDEEP

      768:XadvhPGfQ+v/tqHOLkTT1ziJbaTfmKNj/qiq8TZ/aWCdSOuGe:OP2/tr6xUSfpNj7PKSBP

    • Detects Kaiten/Tsunami Payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks