Overview

overview

10

Static

static

10

d6f06be6d4...kes118

ubuntu-24.04-amd64

7

Analysis

  • max time kernel
    149s
  • max time network
    128s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
  • submitted
    09-09-2024 19:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    d6f06be6d4ba2b9b428049bdd14058b4_JaffaCakes118

  • Size

    753KB

  • MD5

    d6f06be6d4ba2b9b428049bdd14058b4

  • SHA1

    965408f5670ae8f62db3b9ce0188f6f528b0b5cc

  • SHA256

    d76164cbced34e333a1d66c9ed7d826c62d49df4590c6bbc8bf86d4e5aad0ab5

  • SHA512

    ead59c7d24eb0a7d09a49fcae29c6f8198d7675cb5a2dcfd9e21ae29ddafde5be94a660d128d4afd8b2ffca09bc24a19893d46cc69f82de7441e8dc50a1e39ee

  • SSDEEP

    12288:Fdg5Rhlwh4z3meX6TRHMJ6xPuO5oIkPxvlYLWbKRT4k0PnYNEwMuxyXuKkMmweNz:FdgrhlwhY3meXoJn1aPxvK0k0PYN7MJ4

Score
7/10
evasionexecutionpersistenceprivilege_escalatiorootkit

Malware Config

Signatures

  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

    evasion
  • Loads a kernel module 11 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

    rootkit
  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    executionpersistenceprivilege_escalatio
  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/d6f06be6d4ba2b9b428049bdd14058b4_JaffaCakes118
    /tmp/d6f06be6d4ba2b9b428049bdd14058b4_JaffaCakes118
    1⤵
    • Loads a kernel module
    PID:2524
    • /usr/bin/rm
      rm -rf /var/log/syslog
      2⤵
      • Deletes system logs
      PID:2526
    • /usr/bin/touch
      touch /var/log/syslog
      2⤵
        PID:2528
      • /usr/bin/chmod
        chmod 0000 /var/log/syslog
        2⤵
          PID:2529
        • /usr/bin/chattr
          chattr +isa /var/log/syslog
          2⤵
            PID:2530
          • /usr/bin/touch
            touch /tmp/cron
            2⤵
            • Writes file to tmp directory
            PID:2532
          • /usr/bin/crontab
            crontab /tmp/cron
            2⤵
            • Creates/modifies Cron job
            PID:2537
          • /usr/bin/rm
            rm -rf /tmp/cron
            2⤵
              PID:2538

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /tmp/cron
            Filesize

            313B

            MD5

            4707e5660467768541014b8a9d98e453

            SHA1

            63ff8ca29c0942d74d62bc5a27111ed37358e4f7

            SHA256

            d4ca1f667aa9085d2612f66552b0b6610c782d13dbb7b828f94508e192de796c

            SHA512

            00e0e7334831fabe832d44a83c5aba27848ac00deff8490c2c0c3ae2e4b150dcdfd04f35d04900428415c8a9315805070ad0aa59f9ab2e7dc21a4a7c10198541

            Download Submit

          • /var/spool/cron/crontabs/tmp.4Ylm21
            Filesize

            496B

            MD5

            b77553c31120067762ff92bcfc88bd6b

            SHA1

            27290b59f2859407ac3feb404d58991a6ac3e7d6

            SHA256

            7fb2441c6842cd40ad02618e68c6836968fa64795846fb57816098fa190b118d

            SHA512

            197a7466eedb0444b49a9bac725c43d64f5399cbbdd1ad7766c85454930014b4eb1ca1b64605244c51d6ea6c3d06d2324bcfe1020cdae3ac15ab6c00392425b5

            Download Submit