009714340e1b9cd089d6801bca92ebd507dfe37c80ba72d607e32f212de3e6a0

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
15-09-2024 07:09

Target

e1f3f59b74b2c888f1deed1475d7fa73_JaffaCakes118
Size

1.2MB
MD5

e1f3f59b74b2c888f1deed1475d7fa73
SHA1

4e4158ac9ee8e3cb997f75d5eddbb30243623906
SHA256

009714340e1b9cd089d6801bca92ebd507dfe37c80ba72d607e32f212de3e6a0
SHA512

527c91fe8cf5ef3cdbba3711266aead92ab3ddd9fca311b38c5f6cc13d8a6d1b01a23d5db13ead315aeb5485d22692ff869f4fc77b0e25323d300e36ba6b7179
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWIX4m2y1q2rJp0:745vRVJKGtSA0VWIo1u9p0

Score

7^/10

File and Directory Permissions Modification 1 TTPs 6 IoCs

Adversaries may modify file or directory permissions to evade defenses.

Linux and Mac File and Directory Permissions Modification

Processes:

chmodchmodchmodchmodchmodchmod

Executes dropped EXE 2 IoCs

Processes:

getty.sshd

ioc	pid	Process
/usr/bin/bsd-port/getty	2521	getty
/usr/bin/.sshd	2543	.sshd

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

Processes:

e1f3f59b74b2c888f1deed1475d7fa73_JaffaCakes118getty.sshd

pid	Process
2479	e1f3f59b74b2c888f1deed1475d7fa73_JaffaCakes118
2481