General

  • Target

    cf6edcbbadf59bc9753c2be1ca28665b_JaffaCakes118

  • Size

    22KB

  • Sample

    240906-nf1ajstgrg

  • MD5

    cf6edcbbadf59bc9753c2be1ca28665b

  • SHA1

    f4c02cd9bc42a2fb9c561b8d62b3646060081421

  • SHA256

    e8f04adef24f9020f9f6885c5a67381a477235eca7b4d07c815ed9f8569defaf

  • SHA512

    64f6b8024eb8a04fc7b1c819e119488ec2af4878ded4e09632a6e4fee173ea3e5642abda5e39f27a6c7e24aca71bdaf20ed9186e07e39cc60cb2fab2a1ad37c4

  • SSDEEP

    384:fQ6PgM8PvaA0Rj1vre1aLwJVcKLwbVcioHjiiQZ0p4ESzy14uazp1cCq2CqwRwbs:fQ6PgM8PvaA0Rj1vre1iAVcSeVchDii1

Targets

    • Target

      cf6edcbbadf59bc9753c2be1ca28665b_JaffaCakes118

    • Executes dropped EXE

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Disables SELinux

      Disables SELinux security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.
