Resubmissions
19-02-2024 16:24
240219-twkgxsfh8v 7Analysis
-
max time kernel
2s -
max time network
22s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231221-en -
resource tags
-
submitted
19-02-2024 16:24
General
-
Target
https://bit.ly/CloneJake
Malware Config
Signatures
-
Changes its process name 64 IoCs
-
Reads user data of web browsers 55 IoCs
Reads stored browser data which can include saved credentials.
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
-
Reads CPU attributes 1 TTPs 9 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 58 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/usr/bin/xdg-openxdg-open https://bit.ly/CloneJake1⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager2⤵
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr3⤵
-
-
-
/bin/grepgrep " = \\\"xfce4\\\"\$"2⤵
-
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE2⤵
-
-
/bin/grepgrep -i "^xfce_desktop_window"2⤵
-
-
/usr/bin/xpropxprop -root2⤵
-
-
/bin/grepgrep -q "^Enlightenment"2⤵
-
-
/bin/unameuname2⤵
-
-
/bin/grepgrep -q "^file://"2⤵
-
-
/bin/egrepegrep -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/local/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/local/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/bin/xdg-mimexdg-mime query default x-scheme-handler/https2⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager3⤵
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr4⤵
-
-
-
/bin/grepgrep " = \\\"xfce4\\\"\$"3⤵
-
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE3⤵
-
-
/bin/grepgrep -i "^xfce_desktop_window"3⤵
-
-
/usr/bin/xpropxprop -root3⤵
-
-
/bin/grepgrep -q "^Enlightenment"3⤵
-
-
/bin/unameuname3⤵
-
-
-
/usr/bin/whichwhich firefox2⤵
-
-
/usr/bin/firefox/usr/bin/firefox https://bit.ly/CloneJake2⤵
-
/usr/bin/whichwhich /usr/bin/firefox3⤵
-
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox https://bit.ly/CloneJake2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/bin/dbus-launchdbus-launch --autolaunch 11c67417355f45d397f6be11f62e85a6 --binary-syntax --close-stderr3⤵
-
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr3⤵
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr3⤵
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr3⤵
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=11c67417355f45d397f6be11f62e85a6" --binary-syntax --close-stderr3⤵
-
-
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/bin/sedsed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"1⤵
- Reads runtime system information
-
/bin/sedsed "s/:/ /g"1⤵
- Reads runtime system information
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/bin/grepgrep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache1⤵
-
/bin/sedsed "s/:/ /g"1⤵
- Reads runtime system information
-
/bin/sedsed -e "s|-|/|"1⤵
- Reads runtime system information
-
/bin/sedsed -e "s|-|/|"1⤵
- Reads runtime system information
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/lsb_release/usr/bin/lsb_release -idrc1⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20230522134052 -prefsLen 19257 -prefMapSize 230809 -appDir /usr/lib/firefox/browser "{391b80c9-9a2a-49f5-84a4-6dc8a533a45d}" 1633 true socket1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/libexec/xdg-desktop-portal/usr/libexec/xdg-desktop-portal1⤵
- Reads runtime system information
-
/usr/libexec/xdg-document-portal/usr/libexec/xdg-document-portal1⤵
- Reads runtime system information
-
/usr/libexec/xdg-permission-store/usr/libexec/xdg-permission-store1⤵
- Reads runtime system information
-
/usr/libexec/xdg-desktop-portal-gtk/usr/libexec/xdg-desktop-portal-gtk1⤵
- Reads runtime system information
-
/usr/lib/gvfs/gvfsd/usr/lib/gvfs/gvfsd1⤵
- Reads runtime system information
-
/usr/lib/gvfs/gvfsd-fuse/usr/lib/gvfs/gvfsd-fuse /root/.gvfs -f -o big_writes1⤵
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 1 -isForBrowser -prefsLen 21750 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{137f4e71-c670-48eb-b2e7-6b31adedf323}" 1633 true tab1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -childID 2 -isForBrowser -prefsLen 21418 -prefMapSize 230809 -jsInitLen 238780 -parentBuildID 20230522134052 -appDir /usr/lib/firefox/browser "{cf037e37-0bea-476a-a981-8d0b03f61739}" 1633 true tab1⤵
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
13KB
MD5ecf974c47669d11e6d352a3e993adc7b
SHA15c78798058e67aeb9330c56a77c126f4c58527aa
SHA256ca0c6ef750d92769419d5b72a1b6ed2042ab1d46d8afe31530c4a57fd719d623
SHA51224f11134d15a4d0fb6079f0917faa27eb1ad6bc9eaca49c331de3d65737dc18e3d41a35ef5d9b43f5f1da43f6e160a95211a403548829164404f204013f35a2b
-
Filesize
466B
MD5d102d6d9e9c6f23fe9598ac96b139541
SHA1d80f7d94de040fc93b7b02cc8da00718a37a2a97
SHA2568be30c0c7fe6e7433ca30cde90a7b6f7efffe3bb9fda86a202a81ceacee49d02
SHA512cdbd8ff2b787aa95abd9f3aeb6afcda5d04efcd441e7cacfc15aee4c8ac4f0c5de387caa24bd28eadce34d43b376bfa116b07666004eb1c4495144f1eb166522
-
Filesize
47B
MD5a26eed15d011039396eabf33ad3b527f
SHA12f316daf1c413812fd9f20a7576eedbd84beeae3
SHA256cead89911492b0fea6bcfb51d6515e49f51f55570f888df320f8040f08b1d7ff
SHA51231bc9568a5fa2b7dc591eb4e3a54bcc1ed635512f7759b1d2ae1db5f477c694fbe0e159cf2b95e4fb13cac1a58377bdf0072042740c45e4130ab3dfcf74f4ef5
-
Filesize
10B
MD5737952ed25ac33a4dea3f693a1650f15
SHA12370f280f0c9c5240e01c933cada9b538aefda54
SHA256e32da6d41f896d318b9ff84a23d079b2cda5cb412c74aaf904274b1c13b69234
SHA5121a63e6b796ab9f22b9fc6f02a04a860274445081b916b13a598a5a7406a7232869a66f00ec2933f9507728788e1a5ca27703341d08483b45cdb50e21d8b8b3d7
-
Filesize
62B
MD5968ae94680d958af1188ad7efa5bc369
SHA1adb88b49d845a8e1234fbc5c1a10b0c7d7ac49a6
SHA256603485646c7f7a61880471151cf0acdde72af39480db630a25751ecab4c090bf
SHA512aaaca14cfe8a4dce0257240bb173873816e7087dbf8f5db5ded881c93d60ba50d6ccc4db9c5c61c95c46afe14f1f2b9468afa2da131293f3099ed3851b304466
-
Filesize
259B
MD5e3734f988f51b046504050c724a457d4
SHA1f7ccd51b51d28301a5ee6a0bfc234e25f1f8e59b
SHA256647f4b07c6c5cbf3d47d5b9713e36bf136e117e6e22821107097839a5c4e38c2
SHA512c47ca9a293c9a8fc599e444f908d2a9097c12178b2ea3b1a1a419b6a99c4940432cb9ea12b8a076611011c0f4192069a37d3b3ce6351532088690a8fd13c8d12
-
Filesize
224KB
MD559c011a0cb63ddeeb23e6f1dd9d82a44
SHA1ff7600310edcc8446f2feac65aed0712bd4472a6
SHA256c819f9f01cd90702328c129500fe276db875ce8ab2efc699f47e1d36eccd9e9f
SHA512c6bd845626684e3a24dadb296a056205f41f0315405e9256f97f95de0d821414510e59e43fc211da39b6e7b11c77d56f0b16b0735f586f948a2878686734674d
-
Filesize
163B
MD5fe452b7294d5928a9a5863b89ee0a6bd
SHA1a5d4c245071fa96476ba48b4725bdae7f1b7940f
SHA256d5bfb07561606a19aa96557ea109b175050dc0eb805cbef9c813503587d77900
SHA512dc37d8507f08849e3382d2dbafd4a64555dbd57a288c95131e9aefb366630f1585811a9e1456b861bb9d2b816ed88b18ffb7580cd92b41bb9b0227ce1363843e
-
Filesize
96KB
MD59535f5fe817accc769c2c1d3354db39f
SHA16af62cf08717cf3bfa84eb1a7b311acf522ce560
SHA256c53c15fcfac2bb57fdc88d23f932fc244dbaf4020f0f6eaecf0f77a37c21f8c5
SHA512dc9c2c32eb42dda0a7a711e143aea58c603c1e9d885c3677e9fe86f525e1b0b32a46e240756263e56510b07e764ba69f2de13b90ec18210678242e10cfe17837
-
Filesize
96KB
MD55caa766855d5613a999f71b7812d6451
SHA1ad0d9a52a0d5cc7f11858301dbe47377ed99ee37
SHA2563a8ce2b07e3e8678a13aa58ef5b942c4dccd8f9c84511bdeb8847ef270797e27
SHA51217bb0f4c87ec178910795b25ce85e74cf599190c769592472c3e872f42930c93f28faf0ff3e448816a9abcc8af0459852bed52bee08cfe25d068879c6dfd8eba
-
Filesize
288KB
MD5f6ae4c40ed40a97969bc4051227ada59
SHA1d4cab727ac6dd76106bd90108d5f066b788b8042
SHA2563dffff80ce75ca1f9b82d9a5e9e7d756e48b13fa2575ae0bd5beeb1bf37f8b02
SHA512c149c522272a1cf564da743b16e7c38a94d3ad7b76c6bd37fafe9e8c6796a332abe7952ae4226719ff0e68667b3355f150498509923738389f9239870e4f0b97
-
Filesize
96KB
MD5232fbc22dd03a8ec41edde02bdbea61c
SHA16ab4b39bca95418c52f7f861fd39e5fddb9cc7b6
SHA256d88bf367aaf79efbb2e8fbdb1dc5bde1c1c3a53e0f4d8188027a63ec55d5f5f0
SHA512055f1595f4a327347671db53cec8d89a310109d3f871c567e3d5b654b956fc0369d12437f7dc6d9327b973008f1327ee0dfdb5504f1b3cbe00da29941b1e5892
-
Filesize
2KB
MD5ef3a5d3d326535fe8d74a2bfc7b805b1
SHA1e2299ae11f146a3b8201b67ab913683ef72933ad
SHA2566def177ab7cc5d561c1e81bb0ee35600c04285c056315300bf961664ec45b6b5
SHA512a7a251650f3bf67c94ead2a6164d1049c6328610feb977e14f8856708192a84d10291f0b536d57042228beccf7d0d5523b00141d99ba0d510be42b950f188e90
-
Filesize
3KB
MD5c0190914aad419dec9485c4c4c0e8d89
SHA1982ce9e2eab667294dc18a891f8557449fea9ae1
SHA2561297b65ed8f55810c1dc24cd4c6f5130ca3abf9cae26db66a3eec82071a79476
SHA512767642a9e6ff57bbeb1ad86de9983eb2a1296ef44c195be015006151d55836e9a60ca568b4b4ad2d731c81c26b20415cf765247c27eba2d8b0184ad16335ea1d
-
Filesize
3KB
MD50d69aa201d2d0e84a4ac87e94491f896
SHA1c776e1c51690f2b19ee032917d24debb0817768c
SHA2561717c96052802c8a9553b741ea531e09a9c41f43a9ffa46a4bf58c91ceca1522
SHA5124108a6e655a25646aba070845e481c16ef151c86700f499912e112756182f8cb57828510692f2d2c142deebeb8f4ddb3cdb8eff6d17ba993dcae42419714bc2f
-
Filesize
1KB
MD5718ec300a9c28227e72d3b9e11b4cca7
SHA19c4e4225ecc1375198a7fae3da1df385d24427e2
SHA256da304c458fe0b223ac39cafdc34a3a1ec098770b4abd0610697f0fcc0404c5c9
SHA512c587c0502e1880425f8f38086fe28e45664f38eb966bfc934a685fa97bdfdb9816d6e1abeefb686d2654b56f55e0adaea8fdf4e58078fac5b8b00ce630e8c643
-
Filesize
96KB
MD5e0c613bfd69956a19ce2dc5e925aa223
SHA114accb230edcd6cb76967cdc6d4e5686db96b5df
SHA2560d4cb11f6364c46a75f9eaddfca5c660b90dfd515df3afcd5e0baeca28a0f1ab
SHA51201643c0131a392be92b3f281d7f633c1f502bff19090b0d716f1ac66aefecc3fcf92f393bef66b03089c9b9c6d8aaeb711b6a4f29d5a6729dd188c838f2272d1
-
Filesize
128KB
MD5178d71e5529d637ac62f7e75fdd75896
SHA1339f2b949cc4c207b66aea11137448ba28d36dcb
SHA2567b0050f1bfaab85c8f9067ae7d7369056ff752c0c852ef1462a96c22169004d4
SHA512ec0e0105fcfbbae356dd55efbcf92975f35bbe5cb93fcabf4c08443e871957635d14830b27c4e1ddefbbaff8f9b7ec3590bf417a9442e1d7ee3607d14d56f664
-
Filesize
42B
MD5a61e76e8f0e59f0fb66f4c03956b8b08
SHA121f59216a26e47fa29911096adc7410726c6ea44
SHA25699663e9a947cb5c42e8b134218693112334a0f86c0074f080cf60622a2b6a7d2
SHA512b121efb98b21de8450187c5ce59452bc22daf2e63169a2b0c6d89dbaee5aed3ca7ed2e0c70935c31304828f9dce5593f965af914f10dcec2072c557ae1ab1682
-
Filesize
44KB
MD5759544297aaa61f5fef8ee42d0ae4393
SHA1fc2d66f6e60409e3e8d38623ce5f817fc7f571e0
SHA2561bd2000cd972e80cefaec6e982ba261d224a818f367de0fdf8c51fa5a05d7ab5
SHA5128aaa2ce66f10d46f7c9200af841ac7bd9f5b55c30308a14f0deda44ac62581c45daae45154487c0073a0d5847d5926cbb4072ca64a702ac6b834ad0bb482804f
-
Filesize
12KB
MD5b1437244569f1873849e85bc4fbdcce3
SHA198c75ee803afc0703118315728c377096b044414
SHA2565473a086a3f816c7ea424e978d4b3c642ec6881d8a508669b01ab5717111de96
SHA512701c6790100cbb92488023a373995e9ce33100d8854ce3dda427654928609eb57cc3c757cdf67fcff651f5b73eac9b8ed17c92c88ed01df74a03e332f377c496
-
Filesize
44KB
MD507a412e08825220262ad2890757ff779
SHA1f46c127dbc070ded87a6078b3c1c761955f96de8
SHA256da640f8b665841b520d2262a21cc3f82aeaa881cf81a1ddae27ef501d66544e4
SHA5120134c783bf3293848e479b478ac57a1e0f4202cddfb8b57bc6275aada7345f398cf8a627e9b1c34fd618192c2f0c9737b1da487daf33f9c557ebc1377105582b
-
Filesize
12KB
MD50007bcb0507a99b61d45f81c6dcfb1a5
SHA16303aa8ace9d96cff3fe6f8718fab518f8319cf8
SHA2568c2a4dfee435049c8ce082d515794aa37babfa67fc673f8e014c6dc3a60e53ea
SHA512eb183e06f1962970ad4fd4ce5709c0f40d9ebb45f5d61f768cb899c6f68bc463bb7b76aa57579341ad7fbc64c81e4a98aeda25e749f676cf08ec20fca29e3339
-
Filesize
164KB
MD577a74f224e25a6bc10ad443579a941da
SHA1f54cb29d4ee5575b60a4d86387e074814dced933
SHA256f21a9e7da222998300bbf62489cef6fa7e1e92a99eecff3de5b9dd606b350dbc
SHA512534ebd9aabfbf8ffd84d7b1a977af2565ea5f9bca6557f7ee9ebc3f2f9462e261664363927c13fe0f73febff7a4fa61f2f8ee408685482d147598a6c6467a874
-
Filesize
148KB
MD5dd3f6ba37c670af5953593535e435d04
SHA1ecfe4e650a050bce77e8ff7468de04c1b8acc9a4
SHA2565cc6fa137a1f3a7d0b615b178877f12c460b22f95702eb7534d5732ee6599561
SHA51286e0482543faae6fb279ca71e1e6d6461d32317e74baebb3973e0fde9800107faeb9c2347be6cf8a47556ae43c8e6c224a595e952f621e40ad2c5eba920df2b3
-
Filesize
50B
MD5ea13a9f48384545784bb5a01b3014164
SHA164da9a944b44b751dc1dccbcf05c4427c819e442
SHA256f841833909e5bf348cfa87613448249de74280af26563ac082df582e09511524
SHA512396e0bf47c9ecac9de38aafb8dee16c8fb62ee98603d2ff9f0ef0e8a05dfe94d85d65a4cbcce641cb7cc30da29ae131c566a743730afd95d3f05d60d281a29bb
-
Filesize
47B
MD59a921ace4310da9edaca839cb9a7573c
SHA15ecbd3d3505c45953c92deddb5002f8264ee4bbf
SHA25619df8f3c131c3678d3b95f163850c96de5ae40b6cd55680d738ab8b6b964651b
SHA5121f8307ff9562135e576113ec134e57173febfbcf43141125da608544f1a805a832cb622c4f3e85a9ec5dc431b3aeae497eb64f1fd9b0483ec9fa423aa7a84e9d