Analysis
-
max time kernel
149s -
max time network
153s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
30-08-2024 08:18
General
-
Target
ca7a6379aff2dbd02d3d776fe6b34401_JaffaCakes118
-
Size
1.2MB
-
MD5
ca7a6379aff2dbd02d3d776fe6b34401
-
SHA1
e94e00883093a0a90908f94c139f8fe897b0b75d
-
SHA256
aec899c4b4433cbf3712fd7c9b07ca5da93a4ceceed234d088a8589853076474
-
SHA512
7cfe2bf0b60f67f21a95fa929e95633d782c814e4028b22e9e34dba0fe981299b308af66bceb320de685b1ac1175269139818b701e50fc8dbd0c5eea58fed01e
-
SSDEEP
24576:e845rlHu6gVJKG75oFpA0VWiX4G2y1q2rJp0:745wRVJKGtSA0VWioVu9p0
Malware Config
Signatures
-
Executes dropped EXE 2 IoCs
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Write file to user bin folder 1 TTPs 8 IoCs
-
Writes file to system bin folder 1 TTPs 3 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 30 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/ca7a6379aff2dbd02d3d776fe6b34401_JaffaCakes118/tmp/ca7a6379aff2dbd02d3d776fe6b34401_JaffaCakes1181⤵
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/ca7a6379aff2dbd02d3d776fe6b34401_JaffaCakes118 /usr/bin/bsd-port/getty2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/bsd-port/getty/usr/bin/bsd-port/getty2⤵
- Executes dropped EXE
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc1.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc2.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc3.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc4.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc5.d/S99selinux3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/dpkgd3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /bin/lsof /usr/bin/dpkgd/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/lsof3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/lsof3⤵
-
-
/usr/bin/cpcp -f /bin/ps /usr/bin/dpkgd/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ps3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ps3⤵
-
-
/usr/bin/cpcp -f /bin/ss /usr/bin/dpkgd/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ss3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ss3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/lsof3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ps3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ss3⤵
-
-
/usr/sbin/insmodinsmod /usr/bin/bsd-port/xpacket.ko3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/ca7a6379aff2dbd02d3d776fe6b34401_JaffaCakes118 /usr/bin/.sshd2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/.sshd/usr/bin/.sshd2⤵
- Executes dropped EXE
- Loads a kernel module
-
-
/usr/sbin/insmodinsmod /tmp/xpacket.ko2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64B
MD57b1f5dec3b6201672a71743c5cae10d8
SHA122604ddda0d9a3627cb825b990806288c42ffdaf
SHA2563371b440857054685ba50a52809e0add36fda3e3781467c6806f0bc00fef53d2
SHA512272e4a18782ffe769f8f5ea8b1e914bb26bc592a2393934abe4fd13aae0a9a9e1c7cd870b0ed00185f06819f2389252d3d9c84d89e1f96c4a11592914113a4ed
-
Filesize
36B
MD5993cc15058142d96c3daf7852c3d5ee8
SHA10950b8b391b04dd3895ea33cd3141543ebd2525d
SHA2568171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208
SHA5120c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928
-
Filesize
73B
MD5d548338b1a9460cfb8021bb3c86c67ea
SHA190b4908151c4c6b52ae3fe2a69801653f0f6ec57
SHA256f910856d85a3a8c3495bcc241de35b256243bf24f70d79f36aa6b4c3e2c52cdf
SHA512b85837d49584b62e3a38e5c4246df83e6d9487d1b0e6ae7182f7cafc09b7cd2c2d82067c04127052b325f804025557d80af7f71793a86d08c73bae0e455c4786
-
Filesize
4B
MD50172d289da48c48de8c5ebf3de9f7ee1
SHA1a0a9980a2b2b56651a64cd98df83af7670010128
SHA25629923c8dc8abaca7ea7e4a08adefe252c74784a33ea0544a105c58dbb6c78607
SHA512859343c90d9088f6398b9997b32678b8d54c73522fc4b9e99ff65aee65237cb4347133266f1eac6021b34fdcf2ba57b92214ee6466b6f9346040f8528f97a3b5
-
Filesize
4B
MD5dfb84a11f431c62436cfb760e30a34fe
SHA14d8c3159b646e2e5ef74e09d741dab8ec1822ff0
SHA256acec32b9a99f846cf042c33819d341da0e15c5f53871575274f055f23d37b365
SHA512448876d38c571e0499fd455606081740f49c95c915bf411e1f61f60efbbc217be4b2f346896967e8bd21963edbba862476fed76fdfb1cfccb9c93059ebd8cbd6
-
Filesize
51B
MD51c8d8df3dfb4168c0e507f8fa2373711
SHA1126808bc0201b1f4e9a72e8d39d2e465366df67f
SHA25637c6158e7252db0fad8ded7561ebd16d6f09514aaaf647b42c15ff2995133295
SHA51226835deaf68ed3b8de8b028ee073dac7b3cde61f40786076658c4d42f6d4dd830375a7b960839a78de190cb6222ed806f13e487edaebfaa0fb781000f6d784f4