General
-
Target
e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118
-
Size
64KB
-
Sample
240915-c9h3kssanl
-
MD5
e18e805087ea6f63cf907907dc1d0a08
-
SHA1
ebe527ca26f78e5d347f22f323ee3f11d58cd57a
-
SHA256
e1d7014b84618cd7fbf94439c78fe7d67f351cbc5536885fa3d94ea15325d83b
-
SHA512
92115775959fa27619200334a0add1a448440ae5512aded7bd55937fec1daa0964d54f2e0f881b61515270f5bb783c9d2ab5096fd452529b8af633bff0938784
-
SSDEEP
768:57kFIBuFkc2zq0xvMGd5QP5ez4Z88mqKWCgpK8d7Cuaxz5st3P/hpE90550RQKIR:KF2Lc2Xnd5QhK8dmtq7b50BIR
Behavioral task
behavioral1
Sample
e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118
Resource
debian9-armhf-20240729-en
Behavioral task
behavioral3
Sample
e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118
Resource
debian9-mipsel-20240418-en
Malware Config
Targets
-
-
Target
e18e805087ea6f63cf907907dc1d0a08_JaffaCakes118
-
Size
64KB
-
MD5
e18e805087ea6f63cf907907dc1d0a08
-
SHA1
ebe527ca26f78e5d347f22f323ee3f11d58cd57a
-
SHA256
e1d7014b84618cd7fbf94439c78fe7d67f351cbc5536885fa3d94ea15325d83b
-
SHA512
92115775959fa27619200334a0add1a448440ae5512aded7bd55937fec1daa0964d54f2e0f881b61515270f5bb783c9d2ab5096fd452529b8af633bff0938784
-
SSDEEP
768:57kFIBuFkc2zq0xvMGd5QP5ez4Z88mqKWCgpK8d7Cuaxz5st3P/hpE90550RQKIR:KF2Lc2Xnd5QhK8dmtq7b50BIR
-
XMRig Miner payload
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Deletes system logs
Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
-
Executes dropped EXE
-
Flushes firewall rules
Flushes/ disables firewall rules inside the Linux kernel.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
Abuse sudo or cached sudo credentials to execute code.
-
Attempts to change immutable files
Modifies inode attributes on the filesystem to allow changing of immutable files.
-
Disables AppArmor
Disables AppArmor security module.
-
Disables SELinux
Disables SELinux security module.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Write file to user bin folder
-