8db0dab876d75b6a90b9f338aae514248be3b046e4df7956a60cc896aab48099

Analysis

max time kernel
146s
max time network
146s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
04-06-2024 06:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118
Size

1.0MB
MD5

93e2b0a77052b368554bb3c0e2a1e64b
SHA1

b42f5e1400e3c15c4beeb0278ddacf19e808765b
SHA256

8db0dab876d75b6a90b9f338aae514248be3b046e4df7956a60cc896aab48099
SHA512

cbeb659a8ba99c96c29b5cc4f84d123ad8bb370beee20609e54259dd2002145b0400e3dacfccd569a5e19e9b07bcfa42e6ee35ecefe9de16bfa16f04ca68f3b1
SSDEEP

24576:7sqZhvnhHXuhshNjm3Bp6gDgR16lwzBWa4ww649TrHg29XE/PhrgyUkNR9:JhvnhHXuhshNjK8AlGWao8rgyUk

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118

description ioc process

File opened for reading /proc/cpuinfo 93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118
Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery
T1082

Processes:

93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118

description ioc process

File opened for reading /sys/devices/system/cpu/online 93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118

description	ioc	process
File opened for reading	/proc/cpuinfo	93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118

Reads runtime system information 7 IoCs

Reads data from /proc virtual filesystem.

Processes:

mvsedsedsedsedsedsed

description	ioc	process
File opened for reading	/proc/filesystems	mv
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed

/tmp/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118
/tmp/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118
1⤵
- Checks CPU configuration
- Reads CPU attributes
PID:1496

/bin/sh
sh -c "chmod +x /etc/rc.local"
2⤵
PID:1497

/bin/chmod
chmod +x /etc/rc.local
3⤵
PID:1498

/bin/sh
sh -c "mv /tmp/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 /etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118"
2⤵
PID:1499

/bin/mv
mv /tmp/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 /etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118
3⤵
- Reads runtime system information
PID:1500

/bin/sh
sh -c "cd /etc;chmod 777 93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118"
2⤵
PID:1501

/bin/chmod
chmod 777 93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118
3⤵
PID:1502

/bin/sh
sh -c "sed -i -e '/exit/d' /etc/rc.local"
2⤵
PID:1503

/bin/sed
sed -i -e /exit/d /etc/rc.local
3⤵
- Reads runtime system information
PID:1504

/bin/sh
sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
2⤵
PID:1505

/bin/sed
sed -i -e "/^ | | \$/d" /etc/rc.local
3⤵
- Reads runtime system information
PID:1506

/bin/sh
sh -c "sed -i -e '/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118/d' /etc/rc.local"
2⤵
PID:1507

/bin/sed
sed -i -e /93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118/d /etc/rc.local
3⤵
- Reads runtime system information
PID:1508

/bin/sh
sh -c "sed -i -e '2 i/etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 reboot' /etc/rc.local"
2⤵
PID:1509

/bin/sed
sed -i -e "2 i/etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 reboot" /etc/rc.local
3⤵
- Reads runtime system information
PID:1510

/bin/sh
sh -c "sed -i -e '2 i/etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 start' /etc/rc.d/rc.local"
2⤵
PID:1511

/bin/sed
sed -i -e "2 i/etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 start" /etc/rc.d/rc.local
3⤵
- Reads runtime system information
PID:1512

/bin/sh
sh -c "sed -i -e '2 i/etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 start' /etc/init.d/boot.local"
2⤵
PID:1513

/bin/sed
sed -i -e "2 i/etc/93e2b0a77052b368554bb3c0e2a1e64b_JaffaCakes118 start" /etc/init.d/boot.local
3⤵
- Reads runtime system information
PID:1514

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads