Resubmissions

06/12/2024, 09:15

241206-k75gsswman 10

05/12/2024, 10:40

241205-mqteba1jfy 10

Analysis

  • max time kernel
    149s
  • max time network
    153s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    05/12/2024, 10:40

General

  • Target

    c74dc42bbe440932db0f1d72a2353a02_JaffaCakes118

  • Size

    61KB

  • MD5

    c74dc42bbe440932db0f1d72a2353a02

  • SHA1

    9224e2a0b5e860d6ee3bf3c0658060308f7c2cee

  • SHA256

    838128b004b0a6fb943655bae105acc61b2d9370b705e2bdbec330bc514ed442

  • SHA512

    e4e20405439b592680ebc3f32489bb827f028f8e41c8d4ef40a616a5b452b20414cf94a48762b72a2978c3f224b41909f12241351639a86a3f1e15dc86557f70

  • SSDEEP

    1536:rdZ2PuURL7ORsW38Iva/6pYPqexmtUffQfmX5hT:rdYuU0RD38ipnexl15h

Malware Config

Signatures

  • Contacts a large (109994) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system.

  • Writes file to system bin folder 1 IoCs
  • Changes its process name 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/c74dc42bbe440932db0f1d72a2353a02_JaffaCakes118
    /tmp/c74dc42bbe440932db0f1d72a2353a02_JaffaCakes118
    • Modifies Watchdog functionality
    • Enumerates active TCP sockets
    • Writes file to system bin folder
    • Changes its process name
    • Reads system network configuration
    • Reads runtime system information
    PID:1596

Network

        MITRE ATT&CK Enterprise v15
