General

Target: ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
Size: 30KB
Sample: 240820-kcchjawckp
MD5: ae82d283c9d196bcc0b7b8539f40d6e8
SHA1: 3ba79f0318344ea58c233706be999f1f786ef1fc
SHA256: 44832ee8b46d8f32f5aaad9ee62e67a5b84af8516d0f8ef9f9052171b58ffa0e
SHA512: 5e7ae874850938c1467bd481f4f2e3daceeca74fca796572a4a5b488cb880de428b4cf77c8fb8eaebbb0866d0d55c95d5cbacf53023ad1ff02e1332393768510
SSDEEP: 384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKs:p78zQ5VFNcDAFLcIwgnoYq0xFBVdHtXn

Static task: static1

Behavioral task: behavioral1
Sample: ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
Resource: ubuntu1804-amd64-20240508-en

Behavioral task: behavioral2
Sample: ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
Resource: debian9-armhf-20240611-en

Behavioral task: behavioral3
Sample: ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
Resource: debian9-mipsbe-20240418-en

Behavioral task: behavioral4
Sample: ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
Resource: debian9-mipsel-20240611-en

Malware Config
Targets
Target: ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118
Score: 10/10

Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

Flushes firewall rules
Flushes/disables firewall rules inside the Linux kernel.

Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Disables AppArmor
Disables AppArmor security module.

Disables SELinux
Disables SELinux security module.

Enumerates running processes
Discovers information about currently running processes on the system.