Analysis
-
max time kernel
149s -
max time network
153s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
29-08-2024 18:22
General
-
Target
c95e67b69e594c42947710e0a920c303_JaffaCakes118
-
Size
1.2MB
-
MD5
c95e67b69e594c42947710e0a920c303
-
SHA1
2e3949d639b98f137b163345583b9f4796b01a13
-
SHA256
7c5ecb1d56859abb82aea6c0bbbb3c541deadd8990f302af90a49215484e0731
-
SHA512
fd0830caf8f2d151a8a0fc1180b06024b87671975647d646a983f3833669677d85f64d7d76308a432bbdd0685e0e2e601b0ab3bd1ebca170ff69d28db6509b73
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4y2y1q2rJp0:745vRVJKGtSA0VWeoBu9p0
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Write file to user bin folder 1 TTPs 8 IoCs
-
Writes file to system bin folder 1 TTPs 3 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 30 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/c95e67b69e594c42947710e0a920c303_JaffaCakes118/tmp/c95e67b69e594c42947710e0a920c303_JaffaCakes1181⤵
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/c95e67b69e594c42947710e0a920c303_JaffaCakes118 /usr/bin/bsd-port/getty2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/bsd-port/getty/usr/bin/bsd-port/getty2⤵
- Executes dropped EXE
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc1.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc2.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc3.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc4.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc5.d/S99selinux3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/dpkgd3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /bin/lsof /usr/bin/dpkgd/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/lsof3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/lsof3⤵
-
-
/usr/bin/cpcp -f /bin/ps /usr/bin/dpkgd/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ps3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ps3⤵
-
-
/usr/bin/cpcp -f /bin/ss /usr/bin/dpkgd/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ss3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ss3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/lsof3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ps3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ss3⤵
-
-
/usr/sbin/insmodinsmod /usr/bin/bsd-port/xpacket.ko3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/c95e67b69e594c42947710e0a920c303_JaffaCakes118 /usr/bin/.sshd2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/.sshd/usr/bin/.sshd2⤵
- Executes dropped EXE
- Loads a kernel module
-
-
/usr/sbin/insmodinsmod /tmp/xpacket.ko2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64B
MD53616f66475f0c07f3d954a445bd67eea
SHA12440f1a8143ce80b9950a95b9ef34962c10e7134
SHA256e66425d10d92153bdbe1ca98c3d80d9e3e32140d5e240ec0f3759ce79f183d50
SHA5123ea5e97fafb7053927aba320b7d82d316853ce408c92456951d792e652dafdcc8b8f490e83689d9a3e0296e8e899c7887d9270c7799d26991eb874a41e885e2c
-
Filesize
36B
MD5993cc15058142d96c3daf7852c3d5ee8
SHA10950b8b391b04dd3895ea33cd3141543ebd2525d
SHA2568171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208
SHA5120c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928
-
Filesize
4B
MD546f76a4bda9a9579eab38a8f6eabcda1
SHA12863d7ae605104eeef364e3f164d3404e20f680c
SHA256bfaa492bc1eb6c25c1e676ff0f4bab292e725a5cc3290f0a6d58750439d12f10
SHA51298de239778efbdc16581b101337fb5403327f03f108fbcda489aad095df78e6fa100fa43b0ab2f88612ad842aabcae626a45e0e911afa411a7154aae7c9fe37e
-
Filesize
4B
MD5465636eb4a7ff4b267f3b765d07a02da
SHA12fb957b813146e5b1e16439b82f80f7711e6f051
SHA256b72b9e445e2cda580ee6157ac2d46a1d6683a42d94de92256ffbcfd7f3803949
SHA512f7305685476b597beb9dee21b12e829269b8f5691d9e3dcffd708fbc1d75fb4f3046317381326c40dd2a8afdf3e8d44d0c1ba132ff21c1493f2194351ed1934d
-
Filesize
51B
MD54a3cc41015d8b9be12453ef64bd28ab0
SHA115684c26ff9211fcafea649ee84b21e710ec9c14
SHA2564f6f28573e6e5c9bc57a85998fb26c97cfa55da8ed2222d20f5d48dba2df4468
SHA512d76e007d07d5ea530a627e73a0d630d0cd84d77f4bae166e47b9eac0f8c6de6ae7f4322b0be3b9996e20871dcb6a2def7ca1f5f851ca5d1c3303f87e0f3ee233
-
Filesize
73B
MD5a56ed232b9c8c6fb177ce6ddc296442d
SHA1f897aa082afea034f39bec49514c85458a830317
SHA256bfecefbf08b252d65387c94d9bc339d216eefe6b9b5bab2386e399e1c071cbc6
SHA512e1fe4f968b8cc9d539b9c73903c1b0d5b79bc83bac6f000f1b3d1d89f7854296826c672ecc9bdff5612b17e80dbc6165efaa19d5c55adf015b3db0a997743b75