Analysis

  • max time kernel
    7s
  • max time network
    10s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    06/12/2024, 21:26

General

  • Target

    cf1a976e85e76f268e8b7c986cd687d0_JaffaCakes118

  • Size

    68KB

  • MD5

    cf1a976e85e76f268e8b7c986cd687d0

  • SHA1

    ebf1f223eb9107afd8b9ea5d722fed43cf38fafc

  • SHA256

    b7d263461e7ba2a2b32b4ae89e75f50e2522ad6713d6039afd3c0d3fafb4c782

  • SHA512

    4b2788b6943396f2dac66d99c75731ae6506f5834dc91a8dfa8b4bf08526a8a52dfc00a0bcbc8d4bd5d69263cd702a3fbdf11d9f56dcb065ef9950f3d37934fb

  • SSDEEP

    1536:ZXuL5MVqr3MOWaunK2ULfSyjiUe//zLQa2ehH0hQzg:ZeLqVqrdhun7ULfSyNe/VFpQQzg

Score
8/10

Malware Config

Signatures

  • Contacts a large number (1121) of remote hosts 1 TTPs

    1121 distinct remote hosts contacted within the 10-second network window may indicate a network scan to discover remotely running services.

  • Loads a kernel module 8 IoCs

    Loads a Linux kernel module, potentially to achieve persistence or to hide activity. A successful load requires CAP_SYS_MODULE, so it implies the sample ran with root privileges in the sandbox.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.
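The three signatures above are simple behavioural heuristics over a syscall trace. The following is an added example that re-implements them over a constructed event stream; it is not Triage's own signature code. The JSON-lines event format, the field names, the 100-host threshold and the trace contents (PID 2817 is reused from the report, the benign PID 4100 and all paths and addresses are invented) are assumptions.

```python
"""Re-implement the report's three Linux signatures over a constructed syscall trace."""
import json
from collections import defaultdict

SCAN_THRESHOLD = 100  # assumed: distinct remote hosts per process before flagging a scan
WRITE_FLAGS = ("O_WRONLY", "O_RDWR", "O_CREAT", "O_TRUNC")
MODULE_SYSCALLS = ("init_module", "finit_module")


def constructed_events():
    """Constructed trace, one JSON object per line. Not real sandbox output."""
    ev = []
    pid = 2817  # PID from the report; everything else is invented
    ev.append({"pid": pid, "syscall": "openat", "path": "/tmp/loader.ko",
               "flags": "O_WRONLY|O_CREAT"})
    ev.append({"pid": pid, "syscall": "finit_module", "path": "/tmp/loader.ko"})
    for i in range(1, 131):  # 130 distinct hosts on one port: scan-shaped
        ev.append({"pid": pid, "syscall": "connect", "dst": f"10.0.0.{i}", "dport": 22})
    # a benign process: one outbound connection and a read-only open under /tmp
    ev.append({"pid": 4100, "syscall": "connect", "dst": "10.0.0.5", "dport": 443})
    ev.append({"pid": 4100, "syscall": "openat", "path": "/tmp/cache", "flags": "O_RDONLY"})
    return [json.dumps(e) for e in ev]


def analyze(lines, scan_threshold=SCAN_THRESHOLD):
    """Return (signatures per pid, distinct remote host count per pid)."""
    hosts = defaultdict(set)   # pid -> set of destination addresses
    sigs = defaultdict(set)    # pid -> set of signature names
    for raw in lines:
        e = json.loads(raw)
        pid, sc = e["pid"], e["syscall"]
        if sc == "connect":
            hosts[pid].add(e["dst"])
        elif sc in MODULE_SYSCALLS:
            sigs[pid].add("Loads a kernel module")
        elif sc in ("open", "openat", "creat"):
            path = e.get("path", "")
            flags = e.get("flags", "")
            # only flag writes: a read-only open of /tmp/cache is not a drop
            wrote = sc == "creat" or any(f in flags for f in WRITE_FLAGS)
            if path.startswith("/tmp/") and wrote:
                sigs[pid].add("Writes file to tmp directory")
    for pid, dsts in hosts.items():
        if len(dsts) >= scan_threshold:
            sigs[pid].add(f"Contacts a large number ({len(dsts)}) of remote hosts")
    return ({pid: sorted(s) for pid, s in sigs.items()},
            {pid: len(d) for pid, d in hosts.items()})


if __name__ == "__main__":
    found, counts = analyze(constructed_events())
    for pid, names in found.items():
        print(pid, counts.get(pid, 0), "hosts:", ", ".join(names))
```

The host-count heuristic keys on distinct destinations rather than connection count, so a chatty client talking to one server does not trip it; the /tmp check ignores read-only opens so it fires on drops rather than on reads of existing temp files.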

Processes

  • /tmp/cf1a976e85e76f268e8b7c986cd687d0_JaffaCakes118 (PID 2817)
    Command line: /tmp/cf1a976e85e76f268e8b7c986cd687d0_JaffaCakes118
    • Loads a kernel module
    • Writes file to tmp directory

Network

MITRE ATT&CK Enterprise v15
