Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64 arch:i386 image:ubuntu2404-amd64-20240523-en kernel:6.8.0-31-generic locale:en-us os:ubuntu-24.04-amd64 system
  • submitted
    25/08/2024, 10:09

General

  • Target

    c081d063c8ce9fc08f7800ebe17651bd_JaffaCakes118

  • Size

    20KB

  • MD5

    c081d063c8ce9fc08f7800ebe17651bd

  • SHA1

    ff8ce001fbff7e9531d5da3089a927699c01928d

  • SHA256

    0060862847ddb00a855d792cc8dd5b5b93140b140eae77d56b9633d95bf23b2c

  • SHA512

    242f8010ed2f093e51173f91dd135c97c5afbd3333bc026891937ca8c5e8b36096ace9711e1ca9e06b829bf245ef9460dda50674a6a7ead4a419b9544664c802

  • SSDEEP

    384:MVrF5D7Hbv/4WvH/GyDDgxqGgkY26Ez6LO2lANaNJawcudoD7U8L8nIt:Or7HbAWHsKEc5nbcuyD7Um+w

Score
9/10

Malware Config

Signatures

  • Contacts a large (153546) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Loads a kernel module 64 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Unexpected DNS network traffic destination 64 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes

  • /tmp/c081d063c8ce9fc08f7800ebe17651bd_JaffaCakes118
    /tmp/c081d063c8ce9fc08f7800ebe17651bd_JaffaCakes118
    1⤵
    • Loads a kernel module
    PID:2441

Network

        MITRE ATT&CK Enterprise v15
