Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu2204-amd64-20240729-en
    kernel:5.15.0-105-generic
    locale:en-us
    os:ubuntu-22.04-amd64
    system
  • submitted
    28-07-2024 02:28

General

  • Target

    05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118

  • Size

    821KB

  • MD5

    05f44e74d3557c4e2e43c0b237b0972f

  • SHA1

    9e38cd9c2eb810442bcaa658d301e4777ba3c962

  • SHA256

    7d32806b4bd7f853c7cbfaee0b6a644e3828200a055778275b846cc855bec588

  • SHA512

    bcdb6be64bfb0f66205616be84d39dba0e6cc855ef8b6999deeb456edb03693e6e7d3cb852b7f540d8fd8cb171204556807e72f6ca6af4bd73db908696e8f7d3

  • SSDEEP

    24576:MwijaA7f7G35Mn4Wa50vcKDHf8tG4LFvIhA3n1N39a9O:MwSlfyJq4FivJ8tGEFFP39a4

Score
7/10

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.
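The "UPX packed file" signature above is a static check. The following Python script is an added example, not the sandbox's own detection logic and not derived from the analysed sample: it shows the indicators such a signature typically relies on (the "UPX!" magic, the PackHeader the packer appends at the end of the file, the banner string in the decompression stub, and an ELF whose section header table has been stripped) and runs them over two ELF32/i386 images that the script constructs itself. The 0x08048000 entry used for the constructed header is the classic load address of 32-bit x86 ELF executables, the same base that appears in this report's memory dumps; it is used only to make the fake header look realistic.

```python
import struct

UPX_MAGIC = b"UPX!"
UPX_BANNER = b"$Info: This file is packed with the UPX executable packer"


def parse_elf_header(data):
    """Decode the ELF header fields used for triage; return None if not an ELF."""
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return None
    ei_class, ei_data = data[4], data[5]
    end = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(end + "HH", data[16:20])
    if ei_class == 1:                                   # ELF32
        (e_entry,) = struct.unpack(end + "I", data[24:28])
        e_phnum, _shentsize, e_shnum = struct.unpack(end + "HHH", data[44:50])
        bits = 32
    elif ei_class == 2 and len(data) >= 64:             # ELF64
        (e_entry,) = struct.unpack(end + "Q", data[24:32])
        e_phnum, _shentsize, e_shnum = struct.unpack(end + "HHH", data[56:62])
        bits = 64
    else:
        return None
    return {"bits": bits, "type": e_type, "machine": e_machine,
            "entry": e_entry, "phnum": e_phnum, "shnum": e_shnum}


def upx_indicators(data):
    """Collect UPX-packing indicators for an ELF image and give a verdict.

    Returns {} when the input is not an ELF. The checks are heuristics: a
    "modified UPX" build that patches the magic and banner out of its stub
    defeats the string checks, which is why the missing section table is
    counted as well.
    """
    hdr = parse_elf_header(data)
    if hdr is None:
        return {}
    ind = {
        "bits": hdr["bits"],
        "machine": hdr["machine"],                      # 3 = EM_386, 62 = EM_X86_64
        "magic_count": data.count(UPX_MAGIC),
        # The packer appends its PackHeader, which starts with "UPX!", to the file.
        "magic_in_trailer": UPX_MAGIC in data[-64:],
        "banner": UPX_BANNER in data,
        # UPX writes ELF output without a section header table.
        "no_section_headers": hdr["shnum"] == 0,
    }
    score = sum([ind["magic_count"] > 0, ind["magic_in_trailer"],
                 ind["banner"], ind["no_section_headers"]])
    if ind["magic_count"] and score >= 2:
        ind["verdict"] = "upx_packed"
    elif score >= 2:
        ind["verdict"] = "suspicious"          # stub-like layout without the markers
    else:
        ind["verdict"] = "no_upx_indicators"
    return ind


def make_fake_elf32(shnum, body):
    """Build a minimal, non-runnable ELF32/i386 image for demonstration only.
    Nothing here is taken from the analysed sample."""
    ident = b"\x7fELF" + bytes([1, 1, 1, 0]) + b"\x00" * 8
    hdr = struct.pack("<HHIIIIIHHHHHH",
                      2, 3, 1, 0x08048000,   # ET_EXEC, EM_386, version, entry
                      52, 0, 0,              # phoff, shoff, flags
                      52, 32, 2,             # ehsize, phentsize, phnum
                      40, shnum, 0)          # shentsize, shnum, shstrndx
    return ident + hdr + body


# Constructed inputs: a "packed" layout carrying the markers, and a plain one.
PACKED_SAMPLE = make_fake_elf32(0, b"\x00" * 32 + UPX_MAGIC + b"\x00" * 8
                                + UPX_BANNER + b"\x00" * 40
                                + UPX_MAGIC + b"\x00" * 28)
CLEAN_SAMPLE = make_fake_elf32(12, b"\x00" * 128)

if __name__ == "__main__":
    for name, blob in (("packed", PACKED_SAMPLE), ("clean", CLEAN_SAMPLE)):
        print(name, upx_indicators(blob))
```

When the indicators fire, `upx -d` on the file (or on a dropped copy with identical hashes, such as /tmp/freeBSD in this run) recovers the original if the stub is unmodified. If `upx -d` reports the file as not packed while the magic and stub layout are present, the header has been patched; in that case the process memory dumps listed in this report are the better starting point, since the running process holds the decompressed image.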

Processes

  • /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118
    /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118
    1⤵
    PID:1515
    • /bin/sh
      sh -c "cp /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118 /tmp/freeBSD"
      2⤵
      PID:1516
      • /usr/bin/cp
        cp /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118 /tmp/freeBSD
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1517
    • /bin/sh
      sh -c "cp /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118 /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118a"
      2⤵
      PID:1519
      • /usr/bin/cp
        cp /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118 /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118a
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1520
    • /tmp/freeBSD
      /tmp/freeBSD /tmp/freeBSD 1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1518
  • /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118a
    /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118a /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Writes file to tmp directory
    PID:1521
    • /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118
      2⤵
      • Executes dropped EXE
      • Checks CPU configuration
      • Reads system network configuration
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1522
    • /bin/sh
      sh -c "cp /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118a /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118"
      2⤵
      PID:1528
      • /usr/bin/cp
        cp /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118a /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1529
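The process tree shows a self-replication pattern: the sample copies its own image to /tmp/freeBSD and to its own name with an "a" suffix, executes both copies, and the "a" copy finally copies itself back over the original path. The following Python script is an added example, not anything the sandbox runs, that reconstructs such a chain from process events. The events are constructed from the tree above: parent PIDs are inferred from the nesting (PID 1521 is shown at the top level, so its parent is recorded as 0, unknown), the argv of PID 1522 is not shown on the page and is assumed to be the bare path, and PID order stands in for execution order. One caveat: the sandbox also tagged PID 1522 as "Executes dropped EXE" because the file at the original path had been rewritten by then (the Downloads section lists a 1.3MB file with different hashes at that path), which needs file-write events that this exec/cp-only model does not include, so PID 1522 is deliberately not flagged here.

```python
import os

# Path of the submitted sample inside the sandbox (from the report).
SAMPLE = "/tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118"

# Process events (pid, ppid, exe, argv) constructed from the report's process
# tree. Parent PIDs are inferred from the nesting; PID 1521 appears at the top
# level, so its parent is recorded as 0 (unknown). The argv of PID 1522 is not
# shown in the report and is assumed to be the bare path.
EVENTS = [
    (1515, 0,    SAMPLE,         [SAMPLE]),
    (1516, 1515, "/bin/sh",      ["sh", "-c", f"cp {SAMPLE} /tmp/freeBSD"]),
    (1517, 1516, "/usr/bin/cp",  ["cp", SAMPLE, "/tmp/freeBSD"]),
    (1518, 1515, "/tmp/freeBSD", ["/tmp/freeBSD", "/tmp/freeBSD", "1"]),
    (1519, 1515, "/bin/sh",      ["sh", "-c", f"cp {SAMPLE} {SAMPLE}a"]),
    (1520, 1519, "/usr/bin/cp",  ["cp", SAMPLE, SAMPLE + "a"]),
    (1521, 0,    SAMPLE + "a",   [SAMPLE + "a", SAMPLE]),
    (1522, 1521, SAMPLE,         [SAMPLE]),
    (1528, 1521, "/bin/sh",      ["sh", "-c", f"cp {SAMPLE}a {SAMPLE}"]),
    (1529, 1528, "/usr/bin/cp",  ["cp", SAMPLE + "a", SAMPLE]),
]


def self_copy_chains(events):
    """Return findings as (kind, pid, path, origin_pid) tuples.

    self_copy    : a cp whose source is the executable image of a process in
                   the cp's own lineage; origin_pid is that process.
    exec_of_copy : a process whose executable is a path produced by an earlier
                   self_copy; origin_pid is the process whose image was copied.
    """
    by_pid = {e[0]: e for e in events}

    def lineage(pid):
        # The process itself followed by its ancestors, up to an unknown parent.
        chain = []
        while pid in by_pid:
            chain.append(pid)
            pid = by_pid[pid][1]
        return chain

    dropped = {}      # path -> pid of the process whose image now lives there
    findings = []
    # PID order is used as the execution order (assumption; a real pipeline
    # would order by event timestamp).
    for pid, _ppid, exe, argv in sorted(events, key=lambda e: e[0]):
        if exe in dropped:
            findings.append(("exec_of_copy", pid, exe, dropped[exe]))
        if os.path.basename(exe) == "cp" and len(argv) == 3:
            src, dst = argv[1], argv[2]
            for anc in lineage(pid):
                if by_pid[anc][2] == src:
                    dropped[dst] = anc
                    findings.append(("self_copy", pid, dst, anc))
                    break
    return findings


if __name__ == "__main__":
    for kind, pid, path, origin in self_copy_chains(EVENTS):
        print(f"{kind:13} pid={pid} path={path} origin_pid={origin}")
```

Run against the constructed events, the script reports the two copies made by PID 1515, their execution as PIDs 1518 and 1521, and the final copy-back by PID 1529. The same logic can be fed from auditd or eBPF exec records, as long as each `cp` is visible as its own process with its argv, which is how the sandbox recorded it here.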

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /tmp/05f44e74d3557c4e2e43c0b237b0972f_JaffaCakes118

    Filesize

    1.3MB

    MD5

    cb8907209654960b42324acee6af2e3c

    SHA1

    3d74c3840178bf9ed9a7627014db33dbd9f8c761

    SHA256

    cc49bbdb1a9232a2694f31159d65197367f8ee28255c7c8995afa25e9dbe3a72

    SHA512

    09dc16e75c46087fc7b6f517c91cab25104302eb039b0a33ac4f8bd048541603c8c951456d15c356e2a2307c46eed40eb9ab3b52a7fc5e91e734b266ca3fa5e8

  • /tmp/freeBSD

    Filesize

    821KB

    MD5

    05f44e74d3557c4e2e43c0b237b0972f

    SHA1

    9e38cd9c2eb810442bcaa658d301e4777ba3c962

    SHA256

    7d32806b4bd7f853c7cbfaee0b6a644e3828200a055778275b846cc855bec588

    SHA512

    bcdb6be64bfb0f66205616be84d39dba0e6cc855ef8b6999deeb456edb03693e6e7d3cb852b7f540d8fd8cb171204556807e72f6ca6af4bd73db908696e8f7d3

  • memory/1515-1-0x0000000008048000-0x00000000082a063c-memory.dmp

  • memory/1518-2-0x0000000008048000-0x00000000082a063c-memory.dmp

  • memory/1521-3-0x0000000008048000-0x00000000082a063c-memory.dmp