General

  • Target

    ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118

  • Size

    30KB

  • Sample

    240820-kcchjawckp

  • MD5

    ae82d283c9d196bcc0b7b8539f40d6e8

  • SHA1

    3ba79f0318344ea58c233706be999f1f786ef1fc

  • SHA256

    44832ee8b46d8f32f5aaad9ee62e67a5b84af8516d0f8ef9f9052171b58ffa0e

  • SHA512

    5e7ae874850938c1467bd481f4f2e3daceeca74fca796572a4a5b488cb880de428b4cf77c8fb8eaebbb0866d0d55c95d5cbacf53023ad1ff02e1332393768510

  • SSDEEP

    384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKs:p78zQ5VFNcDAFLcIwgnoYq0xFBVdHtXn

Malware Config

Targets

    • Target

      ae82d283c9d196bcc0b7b8539f40d6e8_JaffaCakes118

    • Size

      30KB

    • MD5

      ae82d283c9d196bcc0b7b8539f40d6e8

    • SHA1

      3ba79f0318344ea58c233706be999f1f786ef1fc

    • SHA256

      44832ee8b46d8f32f5aaad9ee62e67a5b84af8516d0f8ef9f9052171b58ffa0e

    • SHA512

      5e7ae874850938c1467bd481f4f2e3daceeca74fca796572a4a5b488cb880de428b4cf77c8fb8eaebbb0866d0d55c95d5cbacf53023ad1ff02e1332393768510

    • SSDEEP

      384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKs:p78zQ5VFNcDAFLcIwgnoYq0xFBVdHtXn

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    • Flushes firewall rules

      Flushes/ disables firewall rules inside the Linux kernel.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Disables AppArmor

      Disables AppArmor security module.

    • Disables SELinux

      Disables SELinux security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks