cb338967d877dff6129806568b7e201bba2b45da24943f1d5686d6b200670786

Analysis

max time kernel
149s
max time network
128s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
28/07/2024, 01:37

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

050f2541b0ff97734b066f33be89f53d_JaffaCakes118
Size

1.3MB
MD5

050f2541b0ff97734b066f33be89f53d
SHA1

a0ce2fa27c8ec790e62bf926560fe8c10956b737
SHA256

cb338967d877dff6129806568b7e201bba2b45da24943f1d5686d6b200670786
SHA512

8b78e89dcedb1fa9e505e94084295c8d9872ef02008fc074e9f266272e9243b0936150579d3b652ee1a87e3ecc18b6b34243115bafd1dfc2b9b46073f6f329e3
SSDEEP

24576:fAg0g+3YAqKbwt6Mleiv8x7HBruOmjqD0rV8T5KWs2/wgLg6Yvz1VVbBHpusVmMS:og01IAqHtZleikDuOGqYrVy5Kd2/hJYw

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened for reading	/proc/cpuinfo	050f2541b0ff97734b066f33be89f53d_JaffaCakes118

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/dev	050f2541b0ff97734b066f33be89f53d_JaffaCakes118

Reads runtime system information 2 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/sys/kernel/version	050f2541b0ff97734b066f33be89f53d_JaffaCakes118
File opened for reading	/proc/stat	050f2541b0ff97734b066f33be89f53d_JaffaCakes118

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/050f2541b0ff97734b066f33be89f53d_JaffaCakes118\xmit.ini	050f2541b0ff97734b066f33be89f53d_JaffaCakes118

/tmp/050f2541b0ff97734b066f33be89f53d_JaffaCakes118
/tmp/050f2541b0ff97734b066f33be89f53d_JaffaCakes118
1⤵
- Checks CPU configuration
- Reads system network configuration
- Reads runtime system information
- Writes file to tmp directory
PID:1513

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads