General

  • Target

    JaffaCakes118_0cd0dc270246e102a4f947967a075bdd

  • Size

    576KB

  • Sample

    250601-yqsnka1zdv

  • MD5

    0cd0dc270246e102a4f947967a075bdd

  • SHA1

    2717e670a3778dded634c0df6b39199f825789d2

  • SHA256

    ad8b63994d002a8158b690b08ac75329423c1efad5c32483f459082b258d0054

  • SHA512

    5576c84e619fa7f70ad9f2c4ca94c72575b3da4000602c0bf01a6046e5dd3208cdfff0cdc0e7f1d322eaff15a52579e71726dd60c7e10f965a6eb55b3e392183

  • SSDEEP

    12288:81YC1YRh4Z//NKpRM3gSJtSrHvILOxCH9DPgBvYPdUjcW:8mMOWNg0gW4TvI0dcC

Malware Config

Targets

    • Detects Kaiten/Tsunami Payload

    • Kaiten family

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Indicator Removal: Timestomp

      Adversaries may remove indicators of compromise from the host to evade detection.

MITRE ATT&CK Enterprise v16

Tasks