Analysis

  • max time kernel
    135s
  • max time network
    148s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    29/09/2024, 23:32

General

  • Target

    ff80371810dff12a679bf85583920a51_JaffaCakes118

  • Size

    1.0MB

  • MD5

    ff80371810dff12a679bf85583920a51

  • SHA1

    86f02811426135711f29ebac936e1605c2e2a0d9

  • SHA256

    fb3a2b9fa8fce18c92a0523846a5caf15c0094bb4215ed5a1947a387f5a48365

  • SHA512

    96573343e9aab85b844ad69ef8cc1d0dc4156475e32f838e32d927feea8cd74a97ae574af188b4e43a0f3dda24e3995f838aa92da06e96b50cb954791e90de29

  • SSDEEP

    24576:NRZtcN9rNLTWQvIea7zNRMTrh+dTpW0roBUcbIDO17T/:NRDcN/L6Qra7XMT2TodBUcbIDO1

Score
8/10

Malware Config

Signatures

  • Writes memory of remote process 2 IoCs
  • Loads a kernel module 7 IoCs

    Loads a Linux kernel module, potentially to achieve persistence.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118
    /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118
    1⤵
    • Writes memory of remote process
    • Loads a kernel module
    PID:2497
    • /usr/bin/cp
      cp -f /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118 /lib/ff80371810dff12a679bf85583920a51_JaffaCakes118
      2⤵
      • Reads runtime system information
      PID:2499

Network

Downloads

  • /tmp/ff80371810dff12a679bf85583920a51_JaffaCakes118e

    Filesize
    465KB

    MD5
    e236412fb598fd130d4c0c88cfb5d2ba

    SHA1
    626d970cf2251b4b6572d56d580da6bf2011b303

    SHA256
    efed8e0673d22e6bbabada6e6888274f0934794eedba1d1d68ea4c05a02a1126

    SHA512
    a61d4eac889548c1f1f5f3a747e9ce1f2a7afe8ae640d34776af2ec95589e7331efbee381e76bee0d7c09d2749a471ff1bc067bb94e0291c3509c72306815400

  • /usr/lib/5d570686-37ee-11e2-b228-000c292cb65c

    Filesize
    51B

    MD5
    8cdaebf5165f89c6a03fadc727e39f09

    SHA1
    f40723aaad902615ca8397d9c30b77c9e2ce77dd

    SHA256
    2993607ed496df8ae47650f392433c032b953d81548a289badcad9f45ffdcc3e

    SHA512
    4a5dfee9f0c661d58011b5e953a674101375185b3ad8dc58ec2b3afbefaf0f60fa31a13bba2946eb4c5aea9ee0e87cf1d31d9a7d35276b4b66435609889b6d63