Overview

overview

4

Static

static

1

15c7b60032...kes118

ubuntu-18.04-amd64

4

15c7b60032...kes118

debian-9-armhf

4

15c7b60032...kes118

debian-9-mips

4

15c7b60032...kes118

debian-9-mipsel

4

Analysis

  • max time kernel
    11s
  • max time network
    131s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    27-06-2024 11:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    15c7b600329249a4895395e61a9a88fe_JaffaCakes118

  • Size

    1KB

  • MD5

    15c7b600329249a4895395e61a9a88fe

  • SHA1

    9b0ea0243e1c9b94847c11f7b444122d41740a58

  • SHA256

    90be418508dffa4910e0fd27fd29627260bb3fab2147344c624f99c51fd56404

  • SHA512

    5cec126597949a66c1bb4a7c92a96f0d48b4b4db1557848692179bd09ba065c6a9e1d4d17335cf967489f0d853a03568dbf208af60e17eafc3931ca3ac9fc04d

Score
4/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads CPU attributes 1 TTPs 2 IoCs
  • Reads runtime system information 6 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
    /tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
    1⤵
    • Writes file to tmp directory
    PID:1497
    • /bin/uname
      uname -a
      2⤵
        PID:1498
      • /bin/grep
        grep inet
        2⤵
          PID:1500
        • /sbin/ifconfig
          /sbin/ifconfig
          2⤵
            PID:1499
          • /usr/bin/uptime
            uptime
            2⤵
            • Reads CPU attributes
            • Reads runtime system information
            PID:1501
          • /bin/cat
            cat /proc/cpuinfo
            2⤵
            • Checks CPU configuration
            PID:1502
          • /bin/cat
            cat /etc/passwd
            2⤵
              PID:1503
            • /bin/cat
              cat /etc/shadow
              2⤵
                PID:1504
              • /bin/df
                df -h
                2⤵
                • Reads runtime system information
                PID:1505
              • /usr/bin/free
                free
                2⤵
                • Reads CPU attributes
                • Reads runtime system information
                PID:1506
              • /bin/ping
                ping -c 2 216.115.108.245
                2⤵
                  PID:1507
                • /bin/cat
                  cat /etc/hosts
                  2⤵
                    PID:1512
                  • /bin/sleep
                    sleep 5
                    2⤵
                      PID:1515
                    • /bin/cat
                      cat info2
                      2⤵
                        PID:1524
                      • /bin/uname
                        uname -a
                        2⤵
                          PID:1526
                        • /bin/sleep
                          sleep 5
                          2⤵
                            PID:1527

                        Network

                        MITRE ATT&CK Enterprise v15

                        Replay Monitor

                        Loading Replay Monitor...

                        Downloads

                        • /tmp/info2
                          Filesize

                          4B

                          MD5

                          2bb6aed5111ef9726bcf6eef982ff32b

                          SHA1

                          4d49d894436449e792b0cdf8522584065b298c90

                          SHA256

                          e5e61fed291cefe8bd2c2b895b3001e679931c3d93f3597fb5e27b5bcae8f825

                          SHA512

                          5c0aa37c6fa67edf72abdd2f7789538d0a2c12a1fec2dc575ee1df3c1874a4bda33259b3b60127ef4365410d85c742a0fb463f920b99c30863ff3c502494b3bf

                          Download Submit

                        • /tmp/info2
                          Filesize

                          136B

                          MD5

                          335ece3e9dba12747d3e10bb8db453dd

                          SHA1

                          03c7fbd3b7ac9aea1fb78136361a948513d89ee8

                          SHA256

                          ca61c9a13c329ab2e5b8171436f31ddea0d2283f7a2616e2d50e4656f9c63be4

                          SHA512

                          3c9e53b8c10ee9c8b8c727d9ed897b88773d2b201d961b945a0afdfe627bfe04ca258b35f2d409f9e4d93ac117bce3f503c29f36c4a65d0c4d389d181959a32e

                          Download Submit

                        • /tmp/info2
                          Filesize

                          140B

                          MD5

                          b0b11628c9fc34dacdfa7064ad4e04b0

                          SHA1

                          e214b69b58448da323912968aad22e9148704847

                          SHA256

                          caa61489c7e16b8d6d829b03db34fa7b5d878adc6eaca3bb755fdab2749d3f52

                          SHA512

                          def71617c0672e34b8a98d4a6c851d36b839895d5b84d48dc4ee3023aff12072b1bbbc26f822aa2c17c6b935325d5fb7b7f4116cf87e1ac472eb1e73d1cecfcc

                          Download Submit

                        • /tmp/info2
                          Filesize

                          141B

                          MD5

                          29ebed68cace8f8b5105c01253263b8e

                          SHA1

                          f1f23c180947993968dd7ace165936e21f598ac4

                          SHA256

                          4258bd3c42b7e89fbb33d60c5f2adc4216e87c77643202f7caecde87ac87c9ab

                          SHA512

                          39e8b1c4c6f8ac6634f4581bc152aaa2402a9cd99eccfb4430de0d694306390808cacab654e079ec2df779f9b7844a44277fc1039f4a403a98a5ebcdcdd53bac

                          Download Submit

                        • /tmp/info2
                          Filesize

                          155B

                          MD5

                          8cb7586a325ebd65d8e4f23246986562

                          SHA1

                          48c5f5806446ecf76120daf4336bdf755f518ac3

                          SHA256

                          460c7ebd8b4f7c14b75e05d96307796cfb092fa88a8c0915e7ea115c9846f478

                          SHA512

                          a6adb0766e868481f2739010042554be44d90a1a9ea3c97411547579c55588bc3544227a2d73e8a966c0230a205a7c96d99e122ba832904376edc3787714453a

                          Download Submit

                        • /tmp/info2
                          Filesize

                          5KB

                          MD5

                          f98849479006f7b7801f2c55e02be569

                          SHA1

                          27701cea48f1e0fd27586e0976c8b12f7195f29a

                          SHA256

                          e47942d84e33bdd142e170dbf479f017ee801d6c4007737f43eae9030e784782

                          SHA512

                          b32b4cf0d6fddf752d80b388572d0e96740525f3ac895321c03d987fda6926940160b7944aeacbe31bf47e9b6915dc3ec9c0ecb94e580e79fdd16c826abdc732

                          Download Submit