General

  • Target

    920f246bf645b8b84ec280fcbfdb0567_JaffaCakes118

  • Size

    140KB

  • Sample

    241124-c1gs6awkdr

  • MD5

    920f246bf645b8b84ec280fcbfdb0567

  • SHA1

    e0965931e2bd1f5ce17a6743e17c3365fd7f6902

  • SHA256

    85ca42b4d916cfdb5d69a2ff13f679dfdc76749ab1cdd47d7a0962bc5e87735b

  • SHA512

    04ca19e0ea12f0dddde083a1f7f21a8a2dcff67780b2daa6e25ec6f4028783dcc6c77285fd471ffca8c75ff3386d169e78bcc69f8dafcc993362b367d93d8be2

  • SSDEEP

    3072:ezwFzskMXc8TfskyCBkIOVPem4MSRpWo+DA6Dcoixgr1TkM3Q:eGMXxJyCbOId9EDcoixgr1TkM3Q

Targets

    • Contacts a large number (71518) of remote hosts

      This may indicate a network scan to discover remotely running services. Tens of thousands of distinct destinations reached from a single sample, rather than repeated sessions to a few servers, is the horizontal-scan pattern a bot uses to find new victims.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services. Read together with the host count above: roughly one short flow per destination, concentrated on a small set of destination ports, points to scanning rather than legitimate client traffic.

    • Modifies Watchdog functionality

      Malware like Mirai opens the hardware watchdog device (/dev/watchdog or /dev/misc/watchdog) and disables it with the WDIOC_SETOPTIONS ioctl (WDIOS_DISABLECARD), so that the device does not reboot while the bot, which lives only in memory, hogs the CPU or kills the processes that would normally service the watchdog.

    • Reads system routing table

      Reads the routing table from the /proc virtual filesystem (/proc/net/route), which lists each interface's routes as hex-encoded, host-byte-order addresses; the entry with destination 00000000 identifies the active interface and its default gateway.
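
The "large number of remote hosts" and "large amount of network flows" signatures above are a scan heuristic. The Python below is an added example, not part of the report or the sandbox's own detection code, showing how such a verdict is computed from flow records: for each source it counts distinct destination hosts, distinct (protocol, port) services and flows per host, and flags a source that touches many hosts on few services with no follow-up sessions. The flow records, source addresses (10.0.0.5, 10.0.0.9) and the 1000-host threshold are constructed for the example; the report's count of 71518 hosts sits far above any such threshold.

```python
import random
from collections import defaultdict
from ipaddress import IPv4Address


def make_sample_flows():
    """Constructed sample flow records (not from the report):
    (src_ip, dst_ip, dst_port, proto)."""
    rng = random.Random(1)  # fixed seed so the result is reproducible
    flows = []
    # A normal host: repeated connections to a few services.
    for _ in range(40):
        dst = rng.choice(["93.184.216.34", "142.250.74.46", "151.101.1.69"])
        flows.append(("10.0.0.5", dst, 443, "tcp"))
    # A scanning host: thousands of distinct destinations on two telnet-style ports.
    for _ in range(5000):
        dst = str(IPv4Address(rng.getrandbits(32)))
        flows.append(("10.0.0.9", dst, rng.choice([23, 2323]), "tcp"))
    return flows


def summarize(flows):
    """Per source: flow count, distinct destination hosts, distinct (proto, port)."""
    stats = defaultdict(lambda: {"flows": 0, "hosts": set(), "services": set()})
    for src, dst, dport, proto in flows:
        s = stats[src]
        s["flows"] += 1
        s["hosts"].add(dst)
        s["services"].add((proto, dport))
    return stats


def classify(flows, min_hosts=1000, max_services=8):
    """Flag a source as a horizontal scanner when it touches many distinct hosts
    on few services with roughly one flow per host (no follow-up sessions).
    Thresholds are illustrative assumptions, not the sandbox's values."""
    verdicts = {}
    for src, s in summarize(flows).items():
        n_hosts, n_services = len(s["hosts"]), len(s["services"])
        flows_per_host = s["flows"] / n_hosts
        if n_hosts >= min_hosts and n_services <= max_services and flows_per_host < 2:
            verdicts[src] = "horizontal-scan"
        else:
            verdicts[src] = "normal"
    return verdicts


if __name__ == "__main__":
    for src, verdict in classify(make_sample_flows()).items():
        print(src, verdict)
```

The flows-per-host ratio is what separates a scanner from a busy but legitimate client: a host that opens many sessions to the same few servers has a high ratio and a small host set, while a scanner has a ratio near one and a host set that grows with every flow.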

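The "Reads system routing table" signature refers to /proc/net/route. The Python below is an added example, not code from the report or from the sample, that parses that file's format: the destination, gateway and mask columns are 32-bit values printed as hex in host byte order (little-endian on the platforms this sample targets), so they are decoded with a little-endian unpack before conversion to dotted quad. The sample routing table embedded in the block is constructed for the example; on a Linux host the same parser can be fed the real file.

```python
import socket
import struct

# Constructed /proc/net/route contents (not captured from the report's sandbox).
ROUTE_SAMPLE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0100A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0000A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
    "docker0\t000011AC\t00000000\t0001\t0\t0\t0\t0000FFFF\t0\t0\t0\n"
)

# Route flag bits from the Linux route table (RTF_UP, RTF_GATEWAY).
RTF_UP = 0x0001
RTF_GATEWAY = 0x0002


def hex_to_ip(field):
    """Decode an 8-hex-digit host-byte-order address (little-endian) to dotted quad."""
    return socket.inet_ntoa(struct.pack("<L", int(field, 16)))


def parse_routes(text):
    """Parse /proc/net/route text into a list of route dicts; skips the header line."""
    routes = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 8:
            continue  # malformed or truncated line
        routes.append({
            "iface": fields[0],
            "dst": hex_to_ip(fields[1]),
            "gateway": hex_to_ip(fields[2]),
            "flags": int(fields[3], 16),
            "metric": int(fields[6]),
            "mask": hex_to_ip(fields[7]),
        })
    return routes


def default_route(routes):
    """Return the lowest-metric up gateway route for 0.0.0.0/0, or None."""
    candidates = [
        r for r in routes
        if r["dst"] == "0.0.0.0" and r["mask"] == "0.0.0.0"
        and r["flags"] & RTF_UP and r["flags"] & RTF_GATEWAY
    ]
    return min(candidates, key=lambda r: r["metric"]) if candidates else None


if __name__ == "__main__":
    for r in parse_routes(ROUTE_SAMPLE):
        print(r)
    print("default:", default_route(parse_routes(ROUTE_SAMPLE)))
    # On a Linux host: default_route(parse_routes(open("/proc/net/route").read()))
```

The Flags column must be checked as well as the destination: a 0.0.0.0/0 entry without RTF_UP is a stale or down route, and one without RTF_GATEWAY is a directly connected catch-all rather than a next hop, so neither tells you which gateway the host actually uses.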