5ffc0e25a1bcd622407374cf596b1716a686b5fe4171cf9b5982a0c0796f057a

General

Target

0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
Size

64KB
MD5

0fb38fe90fc2cbf71153747fbbc2db7e
SHA1

de930635bf28b5f628f33f67e2aa23fdc63ced37
SHA256

5ffc0e25a1bcd622407374cf596b1716a686b5fe4171cf9b5982a0c0796f057a
SHA512

1485db0667c2e42fb82002fecbd7a4e6ae6a61842b625b4d4cb9124e5983e46f5ecb438335593193cbe79f0a3a852768b663f18bae7738573343e87b89fbb366
SSDEEP

1536:IEX9170vwHbQXZ5+qXDEuXi95TSW7V/DjObeFt6PuQ4ZO:d917iwHbQXZ5+qXA599SWZ/XObeb6GZZ

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (20583) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

Processes:

0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

description	ioc	process
File opened for modification	/dev/watchdog	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for modification	/dev/misc/watchdog	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery
T1049

Processes:

0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

description ioc process

File opened for reading /proc/net/tcp 0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
Enumerates running processes
Discovers information about currently running processes on the system
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

description ioc process

File opened for reading /proc/net/tcp 0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/tcp	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/tcp	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

description	ioc	process
File opened for reading	/proc/1116/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/541/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/767/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/907/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1097/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1443/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/674/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/953/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/460/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/495/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/807/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/835/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1055/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/816/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/956/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/474/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/907/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/445/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/807/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1088/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1103/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1149/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/519/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/642/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1479/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1078/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/495/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/541/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/967/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1116/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/502/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/978/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1412/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/835/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/961/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/506/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1247/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/567/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/858/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1549/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1408/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1450/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/802/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/956/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/502/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/699/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/789/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/961/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1139/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1145/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/816/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/994/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1323/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/508/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1111/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1494/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/508/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1470/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1410/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/506/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1038/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1043/fd	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/459/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
File opened for reading	/proc/1448/exe	0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118

/tmp/0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
/tmp/0fb38fe90fc2cbf71153747fbbc2db7e_JaffaCakes118
1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information
PID:1483