Analysis
-
max time kernel
149s -
max time network
149s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240729-en -
resource tags
-
submitted
22-09-2024 03:39
General
-
Target
f134f8f0cdf87e2f3f4d9cbcc0f86b39_JaffaCakes118
-
Size
1.1MB
-
MD5
f134f8f0cdf87e2f3f4d9cbcc0f86b39
-
SHA1
584f15ff5f2188a25b8b27d96290c3550e4dffde
-
SHA256
478e45caa33dd580e1b3805d84fffd190d9cee3635137ea1d3fc4220626519a7
-
SHA512
faea0bbb90f6b0c84daf124c7db0cf1ef7fc1667e2636bab76ca06172fe930c0b6c363116338d4aa14a40b97a94e61b52f125a7ed76a2d51983078c24668c986
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfa2I+gIGYuuCol7r:4vREKfPqVE5jKsfa2RHGVo7r
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 4 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 2 IoCs
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Write file to user bin folder 6 IoCs
-
Writes file to system bin folder 2 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 17 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/f134f8f0cdf87e2f3f4d9cbcc0f86b39_JaffaCakes118/tmp/f134f8f0cdf87e2f3f4d9cbcc0f86b39_JaffaCakes1181⤵
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/f134f8f0cdf87e2f3f4d9cbcc0f86b39_JaffaCakes118 /usr/bin/bsd-port/getty2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/bsd-port/getty/usr/bin/bsd-port/getty2⤵
- Executes dropped EXE
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc1.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc2.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc3.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc4.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc5.d/S99selinux3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/dpkgd3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /bin/lsof /usr/bin/dpkgd/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/lsof3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/lsof3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/cpcp -f /bin/ps /usr/bin/dpkgd/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ps3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ps3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/lsof3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ps3⤵
- File and Directory Permissions Modification
-
-
/usr/sbin/insmodinsmod /usr/lib/xpacket.ko3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/f134f8f0cdf87e2f3f4d9cbcc0f86b39_JaffaCakes118 /usr/bin/libsw2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/libsw/usr/bin/libsw2⤵
- Executes dropped EXE
- Loads a kernel module
-
-
/usr/sbin/insmodinsmod /usr/lib/xpacket.ko2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64B
MD5b64fe3ee133f95ffe33982c017598cfc
SHA1558f11f7834fbfe3a411fd107d9f716b53373dcb
SHA25685062335e891cb9573e36c257bf8726af6db888cecc9483d09d3807a6c8d5546
SHA512216ff316de94c304f0b3bc9a4aa1518196870a0e14e49cd9475d797d82b48d601a5e3899643fd3748d3f0232cfcbb7dc8d4f2af759d9b263d2d85e728cc0fa1e
-
Filesize
36B
MD5993cc15058142d96c3daf7852c3d5ee8
SHA10950b8b391b04dd3895ea33cd3141543ebd2525d
SHA2568171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208
SHA5120c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928
-
Filesize
4B
MD5f7696a9b362ac5a51c3dc8f098b73923
SHA1a6a0845258a40575703021e5244ff9c70838a23b
SHA2565a0b83e19c5750eed6d8d46cb858d15c956a657093c08afa53133c0fbe5f04fb
SHA5123ae0f24c4f1fe6593f20f92f251c54c1d10e6f576340c9ae31a46d50cf3b49c364d1a0ab6b9d5702cb057077db52a48f192b491f142315311629b9ad7cc11fdb
-
Filesize
4B
MD50e4a2c65bdaddd66a53422d93daebe68
SHA142f3818ae19c5b7c9d44e9914c9cb15457c6fdc7
SHA256299ae77a4ef350ae0dd37d6bba1c002d03444fb1edb236b341962dec14cb4bb4
SHA512e34eab1d53ba0f20fe3a9a1f7f0201d2bcce230ad4b6d86e2e30754fdcd3d9fe24cc3f2d504ebcd9292ddbccc8f8224e28c9d929e80d7f10ed0451b229ef56e2
-
Filesize
51B
MD54b707cbe9bde01e43101645e20f91a61
SHA1bed7fc7d4b2bedd87c11f22d2b04af612ec55c7c
SHA256532a9f374ed8c0770130a37a710c1f782f33c1e62e8866e0e701d6ec5d605d91
SHA512f6a17d02742e1df6a41d27923b1882819596a7d476ce9e41d690a26068d3e704066afae5e11490eeb38c1034d43c9867eaa16c1a0765a9ce7fb73705595e035d