Analysis
-
max time kernel
149s -
max time network
128s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240523-en -
resource tags
-
submitted
14/09/2024, 14:56
General
-
Target
e06c70b38793e37b6f0e2e93c444d987_JaffaCakes118
-
Size
2.3MB
-
MD5
e06c70b38793e37b6f0e2e93c444d987
-
SHA1
d7efee35b2fdfc1583c03099ce8ca16275e51f4b
-
SHA256
9e578f7a0026f9753ad06f585c480b3dd516f21034f286b079a8ad2bbb699d6d
-
SHA512
45c70d2bf9f2b7527136de064ab76258c2a7eafba00f724604617af4d2966a9a74685bf7f249341d4d52a9e01a0ff80cf0cecb19e4e4b95b2fe9c2d706f38bde
-
SSDEEP
49152:FcXS0KUlIx32lkpQmQkpfb4Zs7SLGHrWu9Paue/ar/S+iGonw3Eb0Q4eHJHme6V4:FcXS1UlIx32lk7pfb4Zs7SL7J12/SMo9
Malware Config
Signatures
-
Loads a kernel module 12 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Reads runtime system information 3 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 3 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/e06c70b38793e37b6f0e2e93c444d987_JaffaCakes118/tmp/e06c70b38793e37b6f0e2e93c444d987_JaffaCakes1181⤵
- Loads a kernel module
-
/usr/bin/cpcp /tmp/e06c70b38793e37b6f0e2e93c444d987_JaffaCakes118 /tmp/freeBSD2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/usr/bin/cpcp /tmp/e06c70b38793e37b6f0e2e93c444d987_JaffaCakes118 /tmp/e06c70b38793e37b6f0e2e93c444d987_JaffaCakes118a2⤵
- Reads runtime system information
- Writes file to tmp directory
-
-
/usr/bin/cpcp /tmp/e06c70b38793e37b6f0e2e93c444d987_JaffaCakes118a /tmp/e06c70b38793e37b6f0e2e93c444d987_JaffaCakes1182⤵
- Reads runtime system information
- Writes file to tmp directory
-
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.3MB
MD581120b9ff418d5d660f21a8c389ec27e
SHA1b0cd2f53ca40e5aaabb4e6134d96e580d40f11bd
SHA256869f93060e503f1084c322e6bdce66ac04d7d11b236eab3b509e7a1c9d0cd227
SHA512b4685fbff8b6eb2a41afce7c8a3fd0df8e389639421e9343eac18a45f9a229e0355afbe234a90f330328825434871ff2e39f6c2fde2ee2a7626f4aaee673382e