Overview

overview

7

Static

static

1

4606668ebb...kes118

ubuntu-18.04-amd64

7

4606668ebb...kes118

debian-9-armhf

7

4606668ebb...kes118

debian-9-mips

7

4606668ebb...kes118

debian-9-mipsel

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4606668ebb936b03e91ddab6a6da9369_JaffaCakes118

  • Size

    1KB

  • Sample

    240330-2hn7ysgg93

  • MD5

    4606668ebb936b03e91ddab6a6da9369

  • SHA1

    f45399b17d39691f7064621b0f44d27aa6e45ae9

  • SHA256

    5cbfb3db12f2047a858c3ac312dde3bcc3159fab137a1366f8a00acf8d3e6c09

  • SHA512

    2ecc1864a68cf8d76f3b1bdd40879455e1c4991bbc49707e1f0d5b148fde8905cc504cfc38cb4575c0d8000ccc567bdfb294fcad64d50a8d563ece35d60ac189

Score
7/10
antivmlinux

Malware Config

Targets

    • Target

      4606668ebb936b03e91ddab6a6da9369_JaffaCakes118

    • Size

      1KB

    • MD5

      4606668ebb936b03e91ddab6a6da9369

    • SHA1

      f45399b17d39691f7064621b0f44d27aa6e45ae9

    • SHA256

      5cbfb3db12f2047a858c3ac312dde3bcc3159fab137a1366f8a00acf8d3e6c09

    • SHA512

      2ecc1864a68cf8d76f3b1bdd40879455e1c4991bbc49707e1f0d5b148fde8905cc504cfc38cb4575c0d8000ccc567bdfb294fcad64d50a8d563ece35d60ac189

    Score
    7/10
    antivm

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Write file to user bin folder

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Hijack Execution Flow

1
T1574

Privilege Escalation

Hijack Execution Flow

1
T1574

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks