General
Target: e3fb4dc382dfa4fe37498329727bea34_JaffaCakes118
Size: 28KB
Sample: 240916-ehn6maybpn
MD5: e3fb4dc382dfa4fe37498329727bea34
SHA1: a2aa6b00de3fb975fce1c3ab6d8e4f290df9a3fd
SHA256: b7b12dcb15e682c62eb4151041251b62a4ac86e76ac87f4af65be0818b648174
SHA512: 177954ced290f48bd34fe3d0b2c3bdbc3683772cbd2256c174675cd00a4606ca2fa42b2da4f3d5fbf3c124209b8e367c287bc769378253bcce61fcc57792baaf
SSDEEP: 384:p7pQQwQHDf6jlpTWg3vMGQiKMvU/4Qdre21jT58vKpG2Y0orcfKLUv0KZnNEVdeg:p7JVFNcD8FLcIwgiYq0xFB25
Static task: static1
Behavioral task: behavioral1
  Sample: e3fb4dc382dfa4fe37498329727bea34_JaffaCakes118
  Resource: ubuntu1804-amd64-20240611-en
Behavioral task: behavioral2
  Sample: e3fb4dc382dfa4fe37498329727bea34_JaffaCakes118
  Resource: debian9-armhf-20240611-en
Behavioral task: behavioral3
  Sample: e3fb4dc382dfa4fe37498329727bea34_JaffaCakes118
  Resource: debian9-mipsbe-20240418-en
Behavioral task: behavioral4
  Sample: e3fb4dc382dfa4fe37498329727bea34_JaffaCakes118
  Resource: debian9-mipsel-20240226-en
Malware Config
Targets
File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
Deletes system logs
  Deletes the log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.
Flushes firewall rules
  Flushes/disables firewall rules inside the Linux kernel.
Abuse Elevation Control Mechanism: Sudo and Sudo Caching
  Abuses sudo or cached sudo credentials to execute code.
Attempts to change immutable files
  Modifies inode attributes on the filesystem to allow changing of immutable files.
Disables AppArmor
  Disables the AppArmor security module.
Disables SELinux
  Disables the SELinux security module.
Enumerates running processes
  Discovers information about currently running processes on the system.
Legitimate hosting services abused for malware hosting/C2