General

  • Target

    f97ffb8896fd6f6ce7a605a8b3324ae9_JaffaCakes118

  • Size

    140KB

  • Sample

    241218-bddmjsvrby

  • MD5

    f97ffb8896fd6f6ce7a605a8b3324ae9

  • SHA1

    e88b7423e1692885ccd8fd0eb0d3f803c5f088d3

  • SHA256

    45fa5f05d85fdcf3fdfe4be2698c7af2f8d7d3db0951a72898bb384c0208cefb

  • SHA512

    0ae80f4a751c455789ff0f6151d721e75c2ed019fff26f35ab9f739ca2a20f0fbdf56a0db7bb2a777a36667243459a2d45b59d4b39e9f1c054b46f74294613d2

  • SSDEEP

    3072:VYbSBRRYlfDsajlYqN3032IK4px3X4jj3CPazWZSM/98/r:abqRefDsskRK4px3XKjEazZM/98/r

Targets

    • Contacts a large number (23841) of remote hosts

      The sandbox run recorded 23841 distinct remote addresses. Contacting that many hosts in a single run is characteristic of a horizontal network scan for remotely reachable services, not of normal client traffic.

    • Creates a large number of network flows

      Many short-lived flows, typically one connection attempt per target, are the flow-level view of the same scan.

    • Modifies Watchdog functionality

      The sample tampers with the hardware watchdog. Mirai and its derivatives open /dev/watchdog (or /dev/misc/watchdog) and issue ioctl WDIOC_SETOPTIONS with WDIOS_DISABLECARD, so that the board is not rebooted if the bot stalls or crashes the system; a reboot would clear the memory-resident bot.

    • Reads process memory

      Reads the memory of another process through the /proc virtual filesystem (/proc/<pid>/mem). This can be used to harvest credentials or other secrets held by running services.
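
The four verdicts above can be reproduced from a syscall trace of the sample. The following is an added example, not the sandbox's own detection code: it replays a constructed, simplified strace-like trace (format `<pid> <syscall>(<args>) = <ret>`, with the ioctl argument written as the dereferenced value rather than a pointer) and raises the same signatures. The watchdog request number 0x80045704 is WDIOC_SETOPTIONS from <linux/watchdog.h> in its generic encoding, the value Mirai's public source hardcodes; the scan threshold is an assumption to tune per environment.

```python
"""Replay a constructed Linux syscall trace and raise the same kinds of verdicts
the sandbox report lists for this sample: contact with many distinct remote hosts
(a scan), tampering with the hardware watchdog, and reads of another process's
memory through /proc.

Added example, not sandbox code. The trace format is a simplified, constructed
strace-like format "<pid> <syscall>(<args>) = <ret>"; the scan threshold is an
assumption to be tuned per environment.
"""
import re
from collections import defaultdict

# Request numbers from <linux/watchdog.h>: WDIOC_SETOPTIONS = _IOR('W', 4, int).
# 0x80045704 is the generic (x86/ARM) encoding, which Mirai hardcodes; MIPS
# encodes the same request as 0x40045704 because its _IOC_READ bit differs.
WDIOC_SETOPTIONS = {0x80045704, 0x40045704}
WDIOS_DISABLECARD = 0x0001
WATCHDOG_NODES = ("/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog")
SCAN_HOST_THRESHOLD = 1000  # assumed: distinct hosts per process that count as a scan

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)$")
PROC_MEM_RE = re.compile(r"^/proc/(\d+)/mem$")


def parse(trace):
    """Yield (pid, syscall, [args...], ret) for each well-formed trace line."""
    for line in trace.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        args = [a.strip().strip('"') for a in m["args"].split(",")] if m["args"] else []
        yield m["pid"], m["call"], args, int(m["ret"])


def analyze(trace, scan_threshold=SCAN_HOST_THRESHOLD):
    """Return {signature name: [evidence, ...]} for the signatures that fired."""
    fd_path = {}                     # (pid, fd) -> path of a successfully opened file
    remote_hosts = defaultdict(set)  # pid -> distinct destination addresses
    flows = defaultdict(int)         # pid -> number of connect() calls
    hits = defaultdict(list)

    for pid, call, args, ret in parse(trace):
        if call == "open" and ret >= 0:
            fd_path[(pid, ret)] = args[0]
        elif call == "close":
            fd_path.pop((pid, int(args[0])), None)
        elif call == "read" and ret > 0:
            path = fd_path.get((pid, int(args[0])), "")
            # Reading another process's memory; a process reading its own is ignored.
            if PROC_MEM_RE.match(path) and not path.startswith(f"/proc/{pid}/"):
                hits["Reads process memory"].append(f"pid {pid} read {ret} bytes from {path}")
        elif call == "ioctl" and len(args) >= 3:
            path = fd_path.get((pid, int(args[0])))
            request, value = int(args[1], 16), int(args[2], 16)  # value = *arg, as constructed
            if path in WATCHDOG_NODES and request in WDIOC_SETOPTIONS and value & WDIOS_DISABLECARD:
                hits["Modifies Watchdog functionality"].append(
                    f"pid {pid} sent WDIOS_DISABLECARD to {path}")
        elif call == "connect":
            remote_hosts[pid].add(args[1])
            flows[pid] += 1

    for pid, hosts in remote_hosts.items():
        if len(hosts) >= scan_threshold:
            hits["Contacts a large amount of remote hosts"].append(
                f"pid {pid} contacted {len(hosts)} distinct hosts")
    for pid, count in flows.items():
        if count >= scan_threshold:
            hits["Creates a large amount of network flows"].append(f"pid {pid} opened {count} flows")
    return dict(hits)


def constructed_trace(n_hosts=23841):
    """Constructed trace mimicking this sample's reported behaviour (not real sandbox output)."""
    lines = [
        '1337 open("/dev/watchdog", O_RDWR) = 3',
        "1337 ioctl(3, 0x80045704, 0x1) = 0",  # WDIOC_SETOPTIONS with *arg == WDIOS_DISABLECARD
        "1337 close(3) = 0",
        '1337 open("/proc/1201/mem", O_RDONLY) = 3',
        "1337 read(3, 4096) = 4096",
        "1337 close(3) = 0",
    ]
    # One non-blocking SYN per target: a horizontal scan over distinct addresses.
    for i in range(n_hosts):
        lines.append(f'1337 connect(4, "100.{(i >> 8) & 0xff}.{i & 0xff}.1", 23) = -1')
    return "\n".join(lines)


if __name__ == "__main__":
    for name, evidence in analyze(constructed_trace()).items():
        print(f"* {name}")
        for item in evidence:
            print(f"    {item}")
```

The watchdog check keys on the specific request and flag rather than on any access to /dev/watchdog, so a legitimate watchdog daemon that only sends WDIOC_KEEPALIVE (0x80045705) does not trigger it; likewise a process reading its own /proc/self/mem is not reported.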
