Analysis
-
max time kernel
149s -
max time network
150s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
08-09-2024 22:08
General
-
Target
d52c6cadd4254a34c34095df93b2c195_JaffaCakes118
-
Size
1.2MB
-
MD5
d52c6cadd4254a34c34095df93b2c195
-
SHA1
4cba9953158f62bd2b12e06952ac81e3c3f1852e
-
SHA256
d99e6c724f55505ed5a478a36e0a0ad18fadf94fb6215c78bf171d5da5553e25
-
SHA512
0bf33847f71f5056af2de942431572e5f2c7ba81a3d4979e7865784ecc291aca6ca5439871a10dcfd5cec0165eae63fddaa0e38d70b72a42983046ad43af8a67
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4k2y1q2rJp0:745vRVJKGtSA0VWeoru9p0
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 6 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 2 IoCs
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Write file to user bin folder 8 IoCs
-
Writes file to system bin folder 3 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 30 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/d52c6cadd4254a34c34095df93b2c195_JaffaCakes118/tmp/d52c6cadd4254a34c34095df93b2c195_JaffaCakes1181⤵
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/d52c6cadd4254a34c34095df93b2c195_JaffaCakes118 /usr/bin/bsd-port/getty2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/bsd-port/getty/usr/bin/bsd-port/getty2⤵
- Executes dropped EXE
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc1.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc2.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc3.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc4.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc5.d/S99selinux3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/dpkgd3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /bin/lsof /usr/bin/dpkgd/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/lsof3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/lsof3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/cpcp -f /bin/ps /usr/bin/dpkgd/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ps3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ps3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/cpcp -f /bin/ss /usr/bin/dpkgd/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ss3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ss3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/lsof3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ps3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ss3⤵
- File and Directory Permissions Modification
-
-
/usr/sbin/insmodinsmod /usr/bin/bsd-port/xpacket.ko3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/d52c6cadd4254a34c34095df93b2c195_JaffaCakes118 /usr/bin/.sshd2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/.sshd/usr/bin/.sshd2⤵
- Executes dropped EXE
- Loads a kernel module
-
-
/usr/sbin/insmodinsmod /tmp/xpacket.ko2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64B
MD5c07c9f227030382e442b59f68ec0659b
SHA1843c964e80a30930f2c6c7d5a9df750dc231598a
SHA2569ec13b5388222b971e7d16781a4dce20d1589f6340843d07c5e72bd1bac3b1df
SHA51259306c697965642435e468dba00d006599487719578c5dd8cec32b079449179106058d8d580db7668bbc3e285491da4a11b698fbac73a94f7dcffa4daae4f84c
-
Filesize
36B
MD5993cc15058142d96c3daf7852c3d5ee8
SHA10950b8b391b04dd3895ea33cd3141543ebd2525d
SHA2568171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208
SHA5120c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928
-
Filesize
73B
MD58643c633bba09aff9eb92d3d4cba27b2
SHA1c14e2245b7d50e75d7fd115444d4eb9d941f4421
SHA25684eb3c7bbc3297e9e49d908bae69f7b2bc79f03143d6d384214f6c763b2abeac
SHA512b227185b40d09355f44de649963a5ee4bd88cfc6e3669466bc9e5e1c7779ba494472e64583601c7fc3b0cca74b3c87e1e2556152734dee787da33991e6b0c2f3
-
Filesize
4B
MD58c9f32e03aeb2e3000825c8c875c4edd
SHA1caaa9552af2f6811278fe10f8f42beece2a72fdd
SHA2563cb81c72e3c44a9c6a2fda94952ab34e0b0a89b0e7cfb6330ed371a0eda636bc
SHA5120a8a03eff59f5db5abe8568bf5485b68a7458895b55084f788bec32bea00bfae8f35928726d3b2bca9d76ffb90fe00506f191004383d6ea78983294faf587331
-
Filesize
4B
MD586ecfcbc1e9f1ae5ee2d71910877da36
SHA155f21e37af5e8742143a8e69b2e15811d316de36
SHA256c2d735ed61274b73ed20a49594661e35185797b6ee082cb5145383e548d4f9d0
SHA512cd9e05cc4e86cc31dce0c27ab36ca3974d7ec8857a40d4bd04143b886c189b8ced08d06b7494871d335b59d9c018661809980f08514c5cf5d4099714c49ccebe
-
Filesize
51B
MD56e6a63e33211df12d76b29acfc0f5be8
SHA161eba6476f741840a115d4470e27aac026d6d536
SHA2565cae63ea4cbd4a53817693038bfd8c4517875f152a3376ed3779605580a09983
SHA512a8f6132b01a9880c362ae6be59e29579435700b91b302f2fd46494b131f7632cf10dd99328e499415540c8beb1ff266183115aa97f5d23ad49f91701ddd4b580