f880e1f9b1db9847990670a0207f69a95cae7f257b684cfcd7a919b2feb38032

Analysis

max time kernel
149s
max time network
150s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240729-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
26-09-2024 07:59

Target

f7eb81fc660ece0137653be2632629e8_JaffaCakes118
Size

1.5MB
MD5

f7eb81fc660ece0137653be2632629e8
SHA1

6b56ee419cab7d24e9550c33f227898562d2bb6e
SHA256

f880e1f9b1db9847990670a0207f69a95cae7f257b684cfcd7a919b2feb38032
SHA512

0bcb85342f189f6e1c4d4ecacb44c59629f95993bb3645d490f3a9ceb65a922bea051598a790543735a7470080f9f43a0b8ac72a434775a067183761e14cade8
SSDEEP

49152:27ilOolLbt1laIunbZsehkvS55555555555555555555555555555555555k55w1:CeOolLbt1laIunlsehvNtYi7COEm

Score

7^/10

File and Directory Permissions Modification 1 TTPs 6 IoCs

Adversaries may modify file or directory permissions to evade defenses.

Linux and Mac File and Directory Permissions Modification

Processes:

chmodchmodchmodchmodchmodchmod

Executes dropped EXE 2 IoCs

Processes:

getty.sshd

ioc	pid	Process
/usr/bin/bsd-port/getty	2537	getty
/usr/bin/.sshd	2556	.sshd

Loads a kernel module 64 IoCs

Loads a Linux kernel module, potentially to achieve persistence

Processes:

f7eb81fc660ece0137653be2632629e8_JaffaCakes118getty.sshd

pid	Process
2496	f7eb81fc660ece0137653be2632629e8_JaffaCakes118
2498