Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    28-07-2024 00:51

General

  • Target

    041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118

  • Size

    833KB

  • MD5

    041f6a1b500fe2a6ed9dbea66c741bd6

  • SHA1

    aab7f55d4e09b3fe17c27189736c391e62e88856

  • SHA256

    bdb1dc0d6bb4a1abe8c68df20f28a484c17fdc97f920d0a1285b245965e2bedf

  • SHA512

    b0e90de75d1c9a85d6649890fad18030ad99c1cfa2f05f76e13c778756da10f47a64dbc7ca15a8737a89080059ed72d11427944208c3d4d34b521c6aac325c20

  • SSDEEP

    24576:4RkqHKolTb+eDYUDztiy6yu3oo6U/Xt8MBiVa14t:4RkpoAiHfwyduYw/98JG4t

Score
7/10

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 4 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118
    /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118
    1⤵
      PID:1510
      • /bin/sh
        sh -c "cp /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118 /tmp/freeBSD"
        2⤵
          PID:1512
          • /bin/cp
            cp /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118 /tmp/freeBSD
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1513
        • /bin/sh
          sh -c "cp /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118 /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118a"
          2⤵
            PID:1515
            • /bin/cp
              cp /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118 /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118a
              3⤵
              • Reads runtime system information
              • Writes file to tmp directory
              PID:1516
          • /tmp/freeBSD
            /tmp/freeBSD /tmp/freeBSD 1
            2⤵
            • Deletes itself
            • Executes dropped EXE
            PID:1514
        • /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118a
          /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118a /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118
          1⤵
          • Deletes itself
          • Executes dropped EXE
          • Writes file to tmp directory
          PID:1517
          • /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118
            2⤵
            • Executes dropped EXE
            • Checks CPU configuration
            • Reads system network configuration
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1518
          • /bin/sh
            sh -c "cp /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118a /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118"
            2⤵
              PID:1521
              • /bin/cp
                cp /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118a /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118
                3⤵
                • Reads runtime system information
                • Writes file to tmp directory
                PID:1522

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/041f6a1b500fe2a6ed9dbea66c741bd6_JaffaCakes118

    Filesize

    1.4MB

    MD5

    e81d759964abe7c10d478336a126b70b

    SHA1

    1699583f10309a0633e35fe86e693a0874206695

    SHA256

    69069b25fcec9c1f4977df0790a56bf3db20265ef3c3f1615c5d48e35e9c9bda

    SHA512

    8990e4654f78178c0175f3f6a684e45a7b305e6b80da9d8219022a89d976fa46ce347da26695a6689405a9e496d092f0b0c03471fb7fa857e874b0530dfccc14

  • /tmp/freeBSD

    Filesize

    833KB

    MD5

    041f6a1b500fe2a6ed9dbea66c741bd6

    SHA1

    aab7f55d4e09b3fe17c27189736c391e62e88856

    SHA256

    bdb1dc0d6bb4a1abe8c68df20f28a484c17fdc97f920d0a1285b245965e2bedf

    SHA512

    b0e90de75d1c9a85d6649890fad18030ad99c1cfa2f05f76e13c778756da10f47a64dbc7ca15a8737a89080059ed72d11427944208c3d4d34b521c6aac325c20

  • memory/1510-1-0x0000000008048000-0x00000000082b04dc-memory.dmp

  • memory/1514-2-0x0000000008048000-0x00000000082b04dc-memory.dmp

  • memory/1517-3-0x0000000008048000-0x00000000082b04dc-memory.dmp