Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    29-11-2024 16:11

General

  • Target

    b26095fe4bf9280184486ad20f28f968_JaffaCakes118

  • Size

    78KB

  • MD5

    b26095fe4bf9280184486ad20f28f968

  • SHA1

    d62e5245e857dfd57fbfb3a40795b41e038990c8

  • SHA256

    3ba36ff89bf99503099c951409a0f9d0a357629768cb8f801f1336ff5452db11

  • SHA512

    e060ddf2e1f6f1acca5d970f3ad706f092137f357c88d2207ac746286ab7bff94e9b13f5dd16af6e33115cfd6d5d9f570288257f6914b7026e8d8401ac110d75

  • SSDEEP

    1536:Bg9bxyWp6hbJd+KzK7h8nh4ftjKUPPOy1u5j3vcy3mY:BMk9JdWpftjKUPGyyj3P

Malware Config

Signatures

  • Contacts a large number (102162) of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large number of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Looks up external IP address via web service 1 IoCs

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Writes file to system bin folder 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • System Network Configuration Discovery 1 TTPs 1 IoCs

    Adversaries may gather information about the network configuration of a system.

Processes

  • /tmp/b26095fe4bf9280184486ad20f28f968_JaffaCakes118
    /tmp/b26095fe4bf9280184486ad20f28f968_JaffaCakes118
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:2449
    • /bin/sh
      sh -c "iptables -F"
      2⤵
      • System Network Configuration Discovery
      PID:2455

Network

MITRE ATT&CK Enterprise v15
