Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    27-07-2024 21:59

General

  • Target

    012f908e1c651d794e47178fa27a540c_JaffaCakes118

  • Size

    2.3MB

  • MD5

    012f908e1c651d794e47178fa27a540c

  • SHA1

    faf4ee0b07020a0940c822d609d57977fb5707bb

  • SHA256

    3999afa4fac1040d414538ee7e5f4f4ec1678f28beb4a0445155b55bbd491cc4

  • SHA512

    02adeeefd4b3c937f5704bcbe208e99376a7f1f6410314301bf5320f24b72b18fc1e84aca433549281a3f4575a0d213957d66679d1a4d678d9095b97de20ecf2

  • SSDEEP

    49152:FcXS0KUlIx32lkpQmQkpfb4Zs7SLGHrWu9Paue/gr/S+iGonw3Eb0Q4eHJHme6V4:FcXS1UlIx32lk7pfb4Zs7SL7J1A/SMo9

Score
7/10

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118
    /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118
    1⤵
    PID:1514
      • /bin/sh
        sh -c "cp /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118 /tmp/freeBSD"
        2⤵
        PID:1515
          • /usr/bin/cp
            cp /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118 /tmp/freeBSD
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1516
      • /bin/sh
        sh -c "cp /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118 /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118a"
        2⤵
        PID:1518
          • /usr/bin/cp
            cp /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118 /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118a
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1519
      • /tmp/freeBSD
        /tmp/freeBSD /tmp/freeBSD 1
        2⤵
        • Deletes itself
        • Executes dropped EXE
        PID:1517
  • /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118a
    /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118a /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Writes file to tmp directory
    PID:1520
      • /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118
        2⤵
        • Executes dropped EXE
        • Checks CPU configuration
        • Reads system network configuration
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1521
      • /bin/sh
        sh -c "cp /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118a /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118"
        2⤵
        PID:1527
          • /usr/bin/cp
            cp /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118a /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1528

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/012f908e1c651d794e47178fa27a540c_JaffaCakes118

    Filesize

    1.3MB

    MD5

    d449ecaae747f7cd27adfe47358b366b

    SHA1

    7bc8908a7fa02b525df54b8c8236ae744d56bf60

    SHA256

    ef2943942946fbfd4ce4852f4e1ac443e75f6575f71f7a94a853cfb142ec970d

    SHA512

    2b6ecf953e59b0c0ff0ab19f9a146707bce82258db26b380ed5775b18b542e4e67dcc1bfb24587619a04ff2dc660f284b1dc43ab84adae54df307dedd58e42d0

  • /tmp/freeBSD

    Filesize

    2.3MB

    MD5

    012f908e1c651d794e47178fa27a540c

    SHA1

    faf4ee0b07020a0940c822d609d57977fb5707bb

    SHA256

    3999afa4fac1040d414538ee7e5f4f4ec1678f28beb4a0445155b55bbd491cc4

    SHA512

    02adeeefd4b3c937f5704bcbe208e99376a7f1f6410314301bf5320f24b72b18fc1e84aca433549281a3f4575a0d213957d66679d1a4d678d9095b97de20ecf2