Overview

overview

10

Static

static

1

eccba1bd0a...kes118

ubuntu-18.04-amd64

10

eccba1bd0a...kes118

debian-9-armhf

7

eccba1bd0a...kes118

debian-9-mips

7

eccba1bd0a...kes118

debian-9-mipsel

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eccba1bd0adedf00340c53fd34e800d7_JaffaCakes118

  • Size

    30KB

  • Sample

    240920-egkf2sxfqm

  • MD5

    eccba1bd0adedf00340c53fd34e800d7

  • SHA1

    7b959de9d793bbc071dad336fd2e4d4cb82c7b0f

  • SHA256

    7f82d34906c480afefcd26f969b815794f352a95ce280b4ddb0687ff096c6a8b

  • SHA512

    116ca660e158a83ae12222aae2b440586604e51e58630a4f12118e1fae760a403d9bf00d7f79e4aad252d268736d699739d4665ee27b4f952a2660fd9c42f508

  • SSDEEP

    384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKU:p78zQ5VFNcDAFLcIwgnoYq0xFBVdHtrn

Score
10/10
xmrig_linuxdefense_evasiondiscoveryevasionexecutionlinuxminerpersistenceprivilege_escalatioprivilege_escalationrootkit

Malware Config

Targets

    • Target

      eccba1bd0adedf00340c53fd34e800d7_JaffaCakes118

    • Size

      30KB

    • MD5

      eccba1bd0adedf00340c53fd34e800d7

    • SHA1

      7b959de9d793bbc071dad336fd2e4d4cb82c7b0f

    • SHA256

      7f82d34906c480afefcd26f969b815794f352a95ce280b4ddb0687ff096c6a8b

    • SHA512

      116ca660e158a83ae12222aae2b440586604e51e58630a4f12118e1fae760a403d9bf00d7f79e4aad252d268736d699739d4665ee27b4f952a2660fd9c42f508

    • SSDEEP

      384:p7pQBDf6jlpTWg3vMGQiirhHwMyGj4CC9vEKMvU/4Qdre21jT58vKpG2Y0orcfKU:p78zQ5VFNcDAFLcIwgnoYq0xFBVdHtrn

    Score
    10/10
    xmrig_linuxdefense_evasiondiscoveryevasionexecutionminerpersistenceprivilege_escalatioprivilege_escalationrootkit

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig_linux

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Deletes system logs

      Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

      evasion

    • Flushes firewall rules

      Flushes/ disables firewall rules inside the Linux kernel.

      defense_evasion

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence

      rootkit

    • Abuse Elevation Control Mechanism: Sudo and Sudo Caching

      Abuse sudo or cached sudo credentials to execute code.

      privilege_escalationdefense_evasion

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      executionpersistenceprivilege_escalatio

    • Disables AppArmor

      Disables AppArmor security module.

    • Disables SELinux

      Disables SELinux security module.

      defense_evasion

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Persistence

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Sudo and Sudo Caching

1
T1548.003

File and Directory Permissions Modification

1
T1222

Linux and Mac File and Directory Permissions Modification

1
T1222.002

Impair Defenses

2
T1562

Disable or Modify System Firewall

1
T1562.004

Disable or Modify Tools

1
T1562.001

Indicator Removal

1
T1070

Clear Linux or Mac System Logs

1
T1070.002

Credential Access

Discovery

Process Discovery

1
T1057

System Information Discovery

2
T1082

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks