Analysis
-
max time kernel
149s -
max time network
150s -
platform
ubuntu-24.04_amd64 -
resource
ubuntu2404-amd64-20240729-en -
resource tags
-
submitted
26-09-2024 07:59
General
-
Target
f7eb81fc660ece0137653be2632629e8_JaffaCakes118
-
Size
1.5MB
-
MD5
f7eb81fc660ece0137653be2632629e8
-
SHA1
6b56ee419cab7d24e9550c33f227898562d2bb6e
-
SHA256
f880e1f9b1db9847990670a0207f69a95cae7f257b684cfcd7a919b2feb38032
-
SHA512
0bcb85342f189f6e1c4d4ecacb44c59629f95993bb3645d490f3a9ceb65a922bea051598a790543735a7470080f9f43a0b8ac72a434775a067183761e14cade8
-
SSDEEP
49152:27ilOolLbt1laIunbZsehkvS55555555555555555555555555555555555k55w1:CeOolLbt1laIunlsehvNtYi7COEm
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 6 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 2 IoCs
-
Loads a kernel module 64 IoCs
Loads a Linux kernel module, potentially to achieve persistence
-
Write file to user bin folder 8 IoCs
-
Writes file to system bin folder 3 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 2 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 30 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/f7eb81fc660ece0137653be2632629e8_JaffaCakes118/tmp/f7eb81fc660ece0137653be2632629e8_JaffaCakes1181⤵
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc1.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc2.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc3.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc4.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/lnln -s /etc/init.d/DbSecuritySpt /etc/rc5.d/S97DbSecuritySpt2⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin/bsd-port2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/f7eb81fc660ece0137653be2632629e8_JaffaCakes118 /usr/bin/bsd-port/getty2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/bsd-port/getty/usr/bin/bsd-port/getty2⤵
- Executes dropped EXE
- Loads a kernel module
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc1.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc2.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc3.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc4.d/S99selinux3⤵
-
-
/usr/bin/lnln -s /etc/init.d/selinux /etc/rc5.d/S99selinux3⤵
-
-
/usr/bin/mkdirmkdir -p /usr/bin/dpkgd3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /bin/lsof /usr/bin/dpkgd/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/lsof3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/lsof3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/cpcp -f /bin/ps /usr/bin/dpkgd/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ps3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ps3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/cpcp -f /bin/ss /usr/bin/dpkgd/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /bin/ss3⤵
- Writes file to system bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /bin/ss3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/lsof3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/lsof3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ps3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ps3⤵
- File and Directory Permissions Modification
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin3⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /usr/bin/bsd-port/getty /usr/bin/ss3⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/chmodchmod 0755 /usr/bin/ss3⤵
- File and Directory Permissions Modification
-
-
/usr/sbin/insmodinsmod /usr/bin/bsd-port/xpacket.ko3⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/mkdirmkdir -p /usr/bin2⤵
- Reads runtime system information
-
-
/usr/bin/cpcp -f /tmp/f7eb81fc660ece0137653be2632629e8_JaffaCakes118 /usr/bin/.sshd2⤵
- Write file to user bin folder
- Reads runtime system information
-
-
/usr/bin/.sshd/usr/bin/.sshd2⤵
- Executes dropped EXE
- Loads a kernel module
-
-
/usr/sbin/insmodinsmod /tmp/xpacket.ko2⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
64B
MD51c702e5ee696a1ac118768f61daa9779
SHA16751a7cf2902df8819a1b3e8d6b5ed77a865f157
SHA256a37f359aca6e1917e46080e1cbff42fb43d3de083e6b2550e6993ebab55b805d
SHA512f333375d4453f9f2599c4938dc05839c54f14b9540f476ef071261038f8c4883e77d649d5e2a6ba3c4fef996028f72812e57406332955696ae963c1d49d516f1
-
Filesize
36B
MD5993cc15058142d96c3daf7852c3d5ee8
SHA10950b8b391b04dd3895ea33cd3141543ebd2525d
SHA2568171d077918611803d93088409f220c66fae1c670b297e1aa5d8cbd548ce9208
SHA5120c4256c00a3710f97e92581b552682b36b62afc35fe72622c491323c618c19ea62611ac04ccafc3dfcde2254a2ebbd93b69b66795b16e36332293bed83adb928
-
Filesize
73B
MD56c16a265e898152cab0d8f691982fe38
SHA189bd13bf7006c3ad2662217463bca57df549d844
SHA256b93b44a01b890bc475a5bd3e14e6044cb5e3b339cd5b4267a124e326a494f0f1
SHA512966a1ab59b16a3b98c68d8c6777d977f454dab853eff2272781379be2aa0cdc09c28c7556eaeda59730630a173dd72cfb9789197069060219e1ef7c3ebae865d
-
Filesize
4B
MD59af76329c78e28c977ab1bcd1c3fe9b8
SHA1b99dfad9dfce6db8291c587455dec8f5ab378920
SHA2560b8c4c7c81ac3255024f978a24c4c63bb034cc40ed2fe51dec83cb28c8785a87
SHA512668d2295ecadcda8fcc02a365e4581723081509faa870d4f5d8fdb6af85519d477b0c8529212449f9f4d2d880c57d205b85753f42f6e5e25295b9ec473a9a953
-
Filesize
4B
MD518bb68e2b38e4a8ce7cf4f6b2625768c
SHA11749e00b294522e5a35f798a614395d417b46ba6
SHA256f6142d191a2f19d20f07ba7ede424003d67a0f5987a99d150e65d93eaa44b1de
SHA512a139dc3217fbfd12d0c22e69b4154f6a7dc9dd0a3be286487c1d209858b0b87cdd60165b6f2a39c330b57eeac6360a4d65859f597784ce0c077bf40bbbd18f8d
-
Filesize
51B
MD5738b9c1139253332f272f24a7f4ecb77
SHA19ffcb152dbeca701f1a00419a686bd1c7a1b2543
SHA2567e9c3457d5aa9c3c7173797c6572a2b8927c28c773967a6fd3a196984540a5fc
SHA512d3d91a5dd7cfeda5172cd75276544acab083f0732251cb28072482523a6a25c833280891bcc4a763cb2a522d5e697b67eebf5126342303bd6fdb7f2a27b9d737