ca998d3dc5398e761b9c8d4b057e56cb0a71e7b316dc2f907b0721b557df9920

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
12-09-2024 01:59

Target

db9e3a7105be14d625836d30b3d6e87a_JaffaCakes118
Size

57KB
MD5

db9e3a7105be14d625836d30b3d6e87a
SHA1

a646fc77cdb5f3c6c5fc14bd09777e11e9edf6f3
SHA256

ca998d3dc5398e761b9c8d4b057e56cb0a71e7b316dc2f907b0721b557df9920
SHA512

99dcea41426325d7c5df02b004ef4e9c48545eacac75a85c0f4ae9f17fbd2ce11d1d773f3fc072fa0f075b0b9a2c0542cae37d6ef7e3bd1bb2a6a8b1132f4166
SSDEEP

768:kQ1RlFy/f+xz+/A/gRtt4Hv0cazBIqy/eZm4Iz/pONuQ3BWyoQtp/2uTvLct33UT:ve/f+xz+/s4pIq/bCSWk/zvwt33U3zo

Score

9^/10

discovery rootkit

Contacts a large (41068) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

/tmp/db9e3a7105be14d625836d30b3d6e87a_JaffaCakes118
/tmp/db9e3a7105be14d625836d30b3d6e87a_JaffaCakes118
1⤵
- Loads a kernel module
PID:2468

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact