c34523bce4a4730a1ce69a4ef0c961db845c43b17a8457b9e79c02914c1874de | Triage

Submit
Reports

Overview

overview

7

Static

static

7

1a9a592cbc...kes118

ubuntu-20.04-amd64

6

Sharing

General

Target

1a9a592cbc8e070bd8f16405b500a89e_JaffaCakes118
Size

2.4MB
Sample

240329-gxkg4abd2z
MD5

1a9a592cbc8e070bd8f16405b500a89e
SHA1

564abeea31f50a896bef231d489e90007ecb8bbf
SHA256

c34523bce4a4730a1ce69a4ef0c961db845c43b17a8457b9e79c02914c1874de
SHA512

0ff1fb48af4f68a0c39aeeee75e726a19c208603d992a36bb6f799c2495c8134cf07fb218b2603c4ce2c2a608c5327b7cc5a33f48ac940026eec414defe69774
SSDEEP

49152:2pTV/bg+o8yNPRRciDPfB5H/bOKHixU9HDHoOZHt90j5bgDWbHM:1ccPZ5HDCAHDHoON0NOWbHM

Score

7^/10

antivm linux persistence upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

1a9a592cbc8e070bd8f16405b500a89e_JaffaCakes118

Resource

ubuntu2004-amd64-20240221-en

antivm persistence

ubuntu-20.04-amd64

9 signatures

150 seconds

Malware Config

Targets

- Target
  
  1a9a592cbc8e070bd8f16405b500a89e_JaffaCakes118
- Size
  
  2.4MB
- MD5
  
  1a9a592cbc8e070bd8f16405b500a89e
- SHA1
  
  564abeea31f50a896bef231d489e90007ecb8bbf
- SHA256
  
  c34523bce4a4730a1ce69a4ef0c961db845c43b17a8457b9e79c02914c1874de
- SHA512
  
  0ff1fb48af4f68a0c39aeeee75e726a19c208603d992a36bb6f799c2495c8134cf07fb218b2603c4ce2c2a608c5327b7cc5a33f48ac940026eec414defe69774
- SSDEEP
  
  49152:2pTV/bg+o8yNPRRciDPfB5H/bOKHixU9HDHoOZHt90j5bgDWbHM:1ccPZ5HDCAHDHoON0NOWbHM
Score

6^/10

antivm persistence
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Checks hardware identifiers (DMI)
  Checks DMI information which indicate if the system is a virtual machine.
  antivm
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  persistence
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads CPU attributes
- Reads hardware information
  Accesses system info like serial numbers, manufacturer names etc.
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Virtualization/Sandbox Evasion

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

antivmpersistence

© 2018-2024

Terms | Privacy