b15752c505752431067c5b2a1279bc5416f4eeb32782a9ff984d8546328356d0

General

Target

1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
Size

72KB
MD5

1dd1e82414082c4e2ab1cb6219237d3e
SHA1

bf98448256514a2aa22d6f221e9c31e8fcab5901
SHA256

b15752c505752431067c5b2a1279bc5416f4eeb32782a9ff984d8546328356d0
SHA512

a3f7046be292002cc0806ff59982070364dae593faf945e300d937d5313b81f5f1701353ee15bfc94471b400a3d782a8e8eaadeb4eda0cff84b86871bda32bc3
SSDEEP

1536:xwOgQ8JS4OZm3/W97kJ2f4ol+QLk+lTKvHSW6/ReAwJt8A73elt:q39HJ2f4ol+QLk+lTKvHSW6/oAm8iult

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (20574) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

Processes:

1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

description	ioc	process
File opened for modification	/dev/watchdog	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for modification	/dev/misc/watchdog	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.

System Network Connections Discovery
T1049

Processes:

1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

description ioc process

File opened for reading /proc/net/tcp 1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
Enumerates running processes
Discovers information about currently running processes on the system
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

description ioc process

File opened for reading /proc/net/tcp 1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/tcp	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/tcp	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

Processes:

1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

description	ioc	process
File opened for reading	/proc/538/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2007/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2037/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/269/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1062/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1244/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1529/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2023/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/475/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1912/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2159/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2004/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1131/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1706/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1805/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2028/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/438/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/672/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1306/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1759/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1831/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2123/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/984/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1115/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1157/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1534/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/548/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1612/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1732/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1573/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1975/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1277/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/406/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1546/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1575/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1111/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1127/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1780/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1552/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1795/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2137/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2152/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/317/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/442/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/598/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1615/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1544/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1580/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/870/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1119/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1141/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1336/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1378/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/756/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1021/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/447/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/455/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1221/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/439/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1982/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1101/fd	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/1738/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
File opened for reading	/proc/2143/exe	1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118

/tmp/1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
/tmp/1dd1e82414082c4e2ab1cb6219237d3e_JaffaCakes118
1⤵
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Reads system network configuration
- Reads runtime system information
PID:1533