General
-
Target
ea047bc4ae766b32a0c80b85b39f140b_JaffaCakes118
-
Size
42KB
-
Sample
240918-1h2bvavdnr
-
MD5
ea047bc4ae766b32a0c80b85b39f140b
-
SHA1
9dea25da47ba31c2b93d2f7cf2ac67e0259885e4
-
SHA256
aa62d2f1c7770196da0af32bf98b270197f4199927b2d9309e62ea57a9a59161
-
SHA512
f02e19e3dad16c04826cd2eb639788b931fdcdb1d833547addcbcce5f6f699788b57d42095427c811b3d15574a4f3ce9db487fbaff32dd08d68e13c617eb36cf
-
SSDEEP
768:qSV8OVcRm9+kyUW0+551sPbomVIys5q67DTka6SIejwiSJK3UEg6:5VZcE9XWx8UX5q6Z6aHg6
Static task
static1
Behavioral task
behavioral1
Sample
ea047bc4ae766b32a0c80b85b39f140b_JaffaCakes118
Resource
debian12-armhf-20240729-en
Malware Config
Targets
-
-
Target
ea047bc4ae766b32a0c80b85b39f140b_JaffaCakes118
-
Detects Kaiten/Tsunami Payload
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Indicator Removal: Timestomp
Adversaries may remove indicators of compromise from the host to evade detection.
-