General

  • Target

    1196d0a31402b04a32aa582ae6d2c15b_JaffaCakes118

  • Size

    11KB

  • Sample

    240328-18zwpsag69

  • MD5

    1196d0a31402b04a32aa582ae6d2c15b

  • SHA1

    5d6a8c0437bdf30079188283b0e60d063e649f27

  • SHA256

    ba2e2bda0794551b0d203c2b617a8b327baa68199e5d7dd22d8849a77fac1183

  • SHA512

    cb9e5c0b2a430bd2963b64e659cb2cb65f20d53888e6a188f9831a65c0dd568550439423ff2349c7100e09f45ba3b07e97688c1d9190b2bc1d7a595f310cb28a

  • SSDEEP

    192:fQ6PgM8PvaA0Rj1veSS7MYtGRwcY3Pkfz216zPEDAzQSvmgVgIbc1H7vjjB4C1v6:fQ6PgM8PvaA0Rj1vy7fmjwMxzgX17j/s

Malware Config

Targets

    Score: 7/10

    • Executes dropped EXE

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem to allow changing of immutable files.

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Disables SELinux

      Disables SELinux security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Reads CPU attributes

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                       Count  ID
  Execution             Scheduled Task/Job              1      T1053
  Persistence           Scheduled Task/Job              1      T1053
  Privilege Escalation  Scheduled Task/Job              1      T1053
  Defense Evasion       Virtualization/Sandbox Evasion  1      T1497
  Discovery             Virtualization/Sandbox Evasion  1      T1497
  Discovery             System Information Discovery    2      T1082

Tasks