53096b354d6da8a3b41260b548b7272f1a24ce0c4666e4d36883cc997066d50a

Analysis

max time kernel
149s
max time network
152s
platform
ubuntu-20.04_amd64
resource
ubuntu2004-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu2004-amd64-20240508-enkernel:5.4.0-169-genericlocale:en-usos:ubuntu-20.04-amd64system
submitted
15-05-2024 22:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

4866161c3016912264e2fc8a6d42d720_JaffaCakes118
Size

87KB
MD5

4866161c3016912264e2fc8a6d42d720
SHA1

1a23efb5c2b202e06a9c8911bfa3ca54a2d3152b
SHA256

53096b354d6da8a3b41260b548b7272f1a24ce0c4666e4d36883cc997066d50a
SHA512

ca93928d9f03bff12a69a98786c3926c00a1f179a65ceb5b4a7ef2e8965efe1d06ffb2c4f0128df1d8105067328241b79a19248b884b7774592b613f33ff531e
SSDEEP

1536:ivsT1iMu3iqruDwUWQ+q4/0PiskF6imrxKSJ5hbibsZmlOM+IMPcRoDPj:hO3xruetq4/g/kFaKs5hbiYZmAM+IMUY

Score

7^/10

antivm

Malware Config

Signatures

Deletes itself 1 IoCs

Processes:

4866161c3016912264e2fc8a6d42d720_JaffaCakes118

pid process

1383 4866161c3016912264e2fc8a6d42d720_JaffaCakes118
Writes DNS configuration 1 TTPs 1 IoCs
Writes data to DNS resolver config file.

Dynamic Resolution
T1568

Processes:

4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description ioc process

File opened for modification /etc/resolv.conf 4866161c3016912264e2fc8a6d42d720_JaffaCakes118
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery
T1016

Processes:

4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description ioc process

File opened for reading /proc/net/route 4866161c3016912264e2fc8a6d42d720_JaffaCakes118
Changes its process name 1 IoCs

Processes:

4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description pid process

Changes the process name, possibly in an attempt to hide itself 1383 4866161c3016912264e2fc8a6d42d720_JaffaCakes118
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description ioc process

File opened for reading /proc/cpuinfo 4866161c3016912264e2fc8a6d42d720_JaffaCakes118
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery
T1016

Processes:

4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description ioc process

File opened for reading /proc/net/route 4866161c3016912264e2fc8a6d42d720_JaffaCakes118

pid	process
1383	4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description	ioc	process
File opened for modification	/etc/resolv.conf	4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/route	4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description	pid	process
Changes the process name, possibly in an attempt to hide itself	1383	4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description	ioc	process
File opened for reading	/proc/cpuinfo	4866161c3016912264e2fc8a6d42d720_JaffaCakes118

description	ioc	process
File opened for reading	/proc/net/route	4866161c3016912264e2fc8a6d42d720_JaffaCakes118

/tmp/4866161c3016912264e2fc8a6d42d720_JaffaCakes118
/tmp/4866161c3016912264e2fc8a6d42d720_JaffaCakes118
1⤵
- Deletes itself
- Writes DNS configuration
- Reads system routing table
- Changes its process name
- Checks CPU configuration
- Reads system network configuration
PID:1383

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Dynamic Resolution

T1568

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads