Analysis
-
max time kernel
143s -
max time network
148s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240508-en -
resource tags
-
submitted
14-05-2024 11:11
General
-
Target
4147e375f325878fe3c3962c3d4ac411_JaffaCakes118
-
Size
54KB
-
MD5
4147e375f325878fe3c3962c3d4ac411
-
SHA1
3977330dac5e46ee6887d9d5fc58a17229ecf4da
-
SHA256
f919b9a88cd4aedf43145916d33f9ca10202735acec3b052b842cfdbaf5ba27b
-
SHA512
fbd1332c311828dbb94af80ed2428f8dd3d927e8cd0a2092fd4b28b15d47601cbd9fcf5d26dcc2d7ba8b961dc6bfa9ec0a4023f579659484569a50484081e65d
-
SSDEEP
768:s6hiVRWhVWibZ6uzPBtbrmvOSYpZHU/HYnvW4i0suqstyPxck51:s6EwVWibZ6uzpNrmv6ZyOWJ0Bqstixc
Malware Config
Signatures
-
Contacts a large (7515) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Deletes itself 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets 1 TTPs 1 IoCs
Gets active TCP sockets from /proc virtual filesystem.
-
Changes its process name 1 IoCs
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes
-
/tmp/4147e375f325878fe3c3962c3d4ac411_JaffaCakes118/tmp/4147e375f325878fe3c3962c3d4ac411_JaffaCakes1181⤵
- Deletes itself
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Changes its process name
- Reads system network configuration