89c0e3a24875e3d539f8ef374440f8eb2e88b22a68da9f5de054e7ec096b21d1

Analysis

max time kernel
0s
max time network
131s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
12/09/2024, 15:21

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

dc80c6af6358d4fde71f572018f53c61_JaffaCakes118
Size

54KB
MD5

dc80c6af6358d4fde71f572018f53c61
SHA1

1d3ac66474623e5947cde4de82297fc666ce8475
SHA256

89c0e3a24875e3d539f8ef374440f8eb2e88b22a68da9f5de054e7ec096b21d1
SHA512

a451ff0249027b8fed4d5226fe84cf146727de0deb7dd84b3114bd41894b24dfde388f76b0e7b6a179f155d472601cee311250eeca3d6d38d65cb4b81106d231
SSDEEP

1536:t7KNHU8apLmsk1AxKWHfCCSWKyDhwOW1Usgkclc:t7uURpKsk1Ax/CtyNBWOsg/m

Score

7^/10

defense_evasion

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1587	dc80c6af6358d4fde71f572018f53c61_JaffaCakes118

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/misc/watchdog	dc80c6af6358d4fde71f572018f53c61_JaffaCakes118
File opened for modification	/dev/watchdog	dc80c6af6358d4fde71f572018f53c61_JaffaCakes118

/tmp/dc80c6af6358d4fde71f572018f53c61_JaffaCakes118
/tmp/dc80c6af6358d4fde71f572018f53c61_JaffaCakes118
1⤵
- Deletes itself
- Modifies Watchdog functionality
PID:1587

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads