Analysis
max time kernel: 149s
max time network: 150s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240226-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 01-05-2024 03:17
Behavioral task: behavioral1
Sample: 0afdb20f9ec3b37f0acf3dd28df8d516_JaffaCakes118
Resource: ubuntu1804-amd64-20240226-en
General
Target: 0afdb20f9ec3b37f0acf3dd28df8d516_JaffaCakes118
Size: 64KB
MD5: 0afdb20f9ec3b37f0acf3dd28df8d516
SHA1: 462b807da7eea15a3d2ba524f0f1393f90623022
SHA256: 73f93401f66a339400a69dc848b534fb8a3411cc91789fb738f8069fc23eb257
SHA512: 7a7bedd980d12efbe42c2c3b18d72f35461510308cadd96b2eee82c7d0e1393a04c1bf16a8e81f06b9bcbec7060f7a9a73879c5de3fa3447020c3bdf4cf6a384
SSDEEP: 1536:/XRaafCds5AnXhBdylvgyssCWECcQhVYCuXfcO44Ad2:vRaafSs5AnTIlvgyNCW8uVYCEfhhAd
Malware Config
Signatures
- Contacts a large (20665) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  Processes:
  description | ioc | process
  File opened for modification | /dev/watchdog | 0afdb20f9ec3b37f0acf3dd28df8d516_JaffaCakes118
  File opened for modification | /dev/misc/watchdog | 0afdb20f9ec3b37f0acf3dd28df8d516_JaffaCakes118
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  Processes:
  description | ioc | process
  File opened for reading | /proc/net/tcp | 0afdb20f9ec3b37f0acf3dd28df8d516_JaffaCakes118
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  Processes:
  description | ioc | process
  File opened for reading | /proc/net/tcp | 0afdb20f9ec3b37f0acf3dd28df8d516_JaffaCakes118
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.
  Processes: