3c533054390bc2d04ba96089302170a806c5cdb624536037a38c9ecb5aeea75d

Analysis

max time kernel
120s
max time network
134s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240221-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240221-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
18-04-2024 12:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118
Size

4.5MB
MD5

f7f82b546377bb7cacb87b03220a8f8b
SHA1

8c634b67265ddf7ea86cb6e4f3a29d8e97ddf5ad
SHA256

3c533054390bc2d04ba96089302170a806c5cdb624536037a38c9ecb5aeea75d
SHA512

8133c2f2702dc53f06cee8618bf7e429fa5620210fafb8c860cacfd4bbbabcd84aca469c74eb81c4be3400850c4e14805525a7771e5fe0b9b65a748fae18154b
SSDEEP

49152:/SPyBuRkzNsX9+jNEmVzTEW9teAbkc3UhrLcKtsqUE/HLGesPf8ISlVkdkotlsqq:PdDNEYEikcurYKKqlLlsNP/i

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118.pid	f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118

/tmp/f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118
/tmp/f7f82b546377bb7cacb87b03220a8f8b_JaffaCakes118
1⤵
- Enumerates kernel/hardware configuration
- Writes file to tmp directory
PID:1475

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads