2524b59037c1068f90abfb98de38992244da612dd343cd29e60acb48217518fa

Analysis

max time kernel
0s
max time network
131s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
18/08/2024, 00:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

a4acca2d885cf3aea3332f412637e03b_JaffaCakes118
Size

56KB
MD5

a4acca2d885cf3aea3332f412637e03b
SHA1

4bc91d903f705f02484d501a85c8c804078f983a
SHA256

2524b59037c1068f90abfb98de38992244da612dd343cd29e60acb48217518fa
SHA512

f1e1178dd1187c627bdfdc24c4c0283773420eecd97dd4f2c196e4bf73c6e474de3653a40f17b20e56b9cb87e6565f460057b57dc8709836d8da37e067d63ced
SSDEEP

1536:csDUXBD9xWnvJoEWgmCKYavMeEqSwHDyQD20GmyboAjCI:rDgMnhoEZms0MTHkGNbH9

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1595	a4acca2d885cf3aea3332f412637e03b_JaffaCakes118

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	a4acca2d885cf3aea3332f412637e03b_JaffaCakes118
File opened for modification	/dev/misc/watchdog	a4acca2d885cf3aea3332f412637e03b_JaffaCakes118

/tmp/a4acca2d885cf3aea3332f412637e03b_JaffaCakes118
/tmp/a4acca2d885cf3aea3332f412637e03b_JaffaCakes118
1⤵
- Deletes itself
- Modifies Watchdog functionality
PID:1595

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads