General
Target: JaffaCakes118_53596b9997078f686f7c249a46ce491e
Size: 39KB
Sample: 250107-hhgy4a1lbq
MD5: 53596b9997078f686f7c249a46ce491e
SHA1: 0b9e8a5501022dece4c53718475bb32af51caa2c
SHA256: d4c00fe5de0fa12bdb3a698499e0d5e49f4993f5c61ddbbc1d75bc9325c66788
SHA512: 0f49e26b00e70092d4af3ba80d938a6f027be22b51584c4d36ec364e70d4454875d527a72ab6cc54bdc61faf2ad748d3c3bfe956c7f42e9b0c9ecfaf35329ce2
SSDEEP: 384:T7goHZuyvc02qAQQwQHDf6lpTWg3vMUhG4Qdre21jT58vKpG2Y0orcfKLUv0KZn1:T7KFNcuFkc2zq0x3UKnicZuiR/vWv8c
Static task: static1
Behavioral task: behavioral1 (Sample: JaffaCakes118_53596b9997078f686f7c249a46ce491e; Resource: ubuntu1804-amd64-20240611-en)
Behavioral task: behavioral2 (Sample: JaffaCakes118_53596b9997078f686f7c249a46ce491e; Resource: debian9-armhf-20240611-en)
Behavioral task: behavioral3 (Sample: JaffaCakes118_53596b9997078f686f7c249a46ce491e; Resource: debian9-mipsbe-20240611-en)
Behavioral task: behavioral4 (Sample: JaffaCakes118_53596b9997078f686f7c249a46ce491e; Resource: debian9-mipsel-20240729-en)
Malware Config
Targets
Target: JaffaCakes118_53596b9997078f686f7c249a46ce491e (39KB; hashes as listed under General)
Xmrig_linux family
Adds new SSH keys: Linux special file to hold SSH keys. The threat actor may add new keys for further remote access.
File and Directory Permissions Modification: Adversaries may modify file or directory permissions to evade defenses.
Deletes system logs: Deletes the log file that contains global system messages. Adversaries may delete system logs to minimize their footprint.
Writes DNS configuration: Writes data to the DNS resolver config file.
Attempts to change immutable files: Modifies inode attributes on the filesystem to allow changing of immutable files.
Creates/modifies Cron job: Cron allows running tasks on a schedule, and is commonly used for malware persistence.
Disables AppArmor: Disables the AppArmor security module.
Enumerates running processes: Discovers information about currently running processes on the system.
Writes file to user bin folder
Writes file to system bin folder
MITRE ATT&CK Enterprise v15
Persistence
  Account Manipulation (1): SSH Authorized Keys (1)
  Boot or Logon Autostart Execution (1)
  Boot or Logon Initialization Scripts (1): RC Scripts (1)
  Scheduled Task/Job (1): Cron (1)
Privilege Escalation
  Account Manipulation (1): SSH Authorized Keys (1)
  Boot or Logon Autostart Execution (1)
  Boot or Logon Initialization Scripts (1): RC Scripts (1)
  Scheduled Task/Job (1): Cron (1)
Defense Evasion
  File and Directory Permissions Modification (1): Linux and Mac File and Directory Permissions Modification (1)
  Impair Defenses (2): Disable or Modify System Firewall (1), Disable or Modify Tools (1)
  Indicator Removal (1): Clear Linux or Mac System Logs (1)