Analysis
max time kernel: 52s
max time network: 150s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240611-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 13-12-2024 03:24
Behavioral task: behavioral1
Sample: e9a7737659c8befea16546ab7c9760b0_JaffaCakes118
Resource: ubuntu1804-amd64-20240611-en
General
Target: e9a7737659c8befea16546ab7c9760b0_JaffaCakes118
Size: 52KB
MD5: e9a7737659c8befea16546ab7c9760b0
SHA1: d9771a177fc36dde8930e021ae8cb5be626a2e50
SHA256: 9f339f0a9146bb7a083e5f0d0cd0723938c71d0d7593e1ac04944329c1b72241
SHA512: 573a5bd31a5c76a1b410de866c35689f74f5e907953d9f66a1cdc2b188d93257b3a2542af634077676e03b43c685df92619484878501a9478f74beca4882373c
SSDEEP: 768:DCeXFBIhgrLlv6m1nm3iC0qh/0Y3nXvMcFnPA8e/:DCeXFBIhgnRmSC9MY3nXvrnPA8
Malware Config
Signatures

Contacts a large (70868) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | e9a7737659c8befea16546ab7c9760b0_JaffaCakes118
File opened for modification | /dev/misc/watchdog | e9a7737659c8befea16546ab7c9760b0_JaffaCakes118

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/tcp | e9a7737659c8befea16546ab7c9760b0_JaffaCakes118

Enumerates running processes
Discovers information about currently running processes on the system.

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/tcp | e9a7737659c8befea16546ab7c9760b0_JaffaCakes118