Malware Analysis Report

2024-10-24 21:20

Sample ID 240728-dnj87avcqr
Target 06b8faa12c110dd460cf40964272ad03_JaffaCakes118
SHA256 d251abfc4663c07288783fa9f0c8203a138994e4a4954df7f074720243db70b4
Tags
antivm
score
4/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
4/10

SHA256

d251abfc4663c07288783fa9f0c8203a138994e4a4954df7f074720243db70b4

Threat Level: Likely benign

The file 06b8faa12c110dd460cf40964272ad03_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

antivm

Checks CPU configuration

Reads runtime system information

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-28 03:09

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-28 03:09

Reported

2024-07-29 12:18

Platform

ubuntu2204-amd64-20240729-en

Max time kernel

148s

Max time network

147s

Command Line

[/tmp/06b8faa12c110dd460cf40964272ad03_JaffaCakes118]

Signatures

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /tmp/06b8faa12c110dd460cf40964272ad03_JaffaCakes118 N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/stat /tmp/06b8faa12c110dd460cf40964272ad03_JaffaCakes118 N/A
File opened for reading /proc/sys/kernel/version /tmp/06b8faa12c110dd460cf40964272ad03_JaffaCakes118 N/A

Processes

/tmp/06b8faa12c110dd460cf40964272ad03_JaffaCakes118

[/tmp/06b8faa12c110dd460cf40964272ad03_JaffaCakes118]

Network

Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp
US 45.34.191.157:7777 tcp

Files

/var/tmp/test.log

MD5 f11a425906289abf8cce1733622834c8
SHA1 a2e120b6c6effab16d8734ea6e56e80a28858742
SHA256 a6e9c6e238daf6212dfc51a42dc5c6809b3100a68d2323b6a598995e81a4a100
SHA512 1226bc52078c74e0799dac50ef3d7b94a3261c9c64aa4185612ec2a18bec9f5226bca12fe02f7c37ba62a272c971fc6bc47cbfd1c1aa8095479a3b9da9b3fe7a

/var/tmp/test.log

MD5 955111eaed592e52b01f09789888ed77
SHA1 37d4192028e9fe61314294cdf8dd723dd04ac081
SHA256 566c3e4166ca8043954378a6538ef5be1fd7ecef557154ac629cb695ab08ff4a
SHA512 ef73eba5340f241d238ca7ab97e30a6fde9972cef788d7028d66d03378f91de06449998793dea50acf2b39b9f08055e9af28b99f4b002f2567c90f0b0a5cd79f

/var/tmp/test.log

MD5 7fb485fd19de98659b0cd0946a61b2de
SHA1 1b390c8d0da64c7437dedc2290354af6d4d8583d
SHA256 42eff2c3c99d2f2cda3d22ee86ceec0ccd1afe0513bf68093483e19976da0bad
SHA512 dd78f8c9f23ee4ee2008cd8c381e9d79d0f3e4b120f15db74eb65603d986a27360e8206ca8c2f25f2c26d0d8276e024db6b927b1259392f9094085570b58d12e

/var/tmp/test.log

MD5 fd82dcf94e03be08fa121a27adbc7a20
SHA1 7a86789fb97c45df9b3ba69331784747dad96f9f
SHA256 86f7fd1c002ed4fb1c204d39a96dd0b3ee0fe3a6232f0c06cfa7a88e67094ea3
SHA512 b60ea60dac9b08165738dbf68d98751b62061f0e5cfd87ca26c665c04222e369c17b2bcd6d26c62f3eeed876110a94c7f2db8d3539e38a43f2a0579047ede9da

/var/tmp/test.log

MD5 1266b9f24ec2d0d1c52dfcf2c205c0ea
SHA1 fe11e870d96f8715d25aacd8822f761d4593a45e
SHA256 323e0113b732e1466d02111a7dd58cd99de8239a50ef4be2928c997350af789b
SHA512 0d9277a04fe5b8c473835964064c2ee277fe4fe8372c91bf0a8c3765b07e2675e82c19f572eeab82e3f550e58f6d4362d3c240d1e4d2ab0a3ab1cc08a8d8854e

/var/tmp/test.log

MD5 3be21021e91addc57778224f1fb8b2bc
SHA1 dffe77de856e15ffa43ea40724b78ab40d381af2
SHA256 c6501c5c1016608e7e183b8e72d267520112fb55830f560f02b51e8856ba2782
SHA512 5e040c186f22fcba55b7e71c6e3ae2938f74bfa3cb86c16e0fe263f997a3b544781f126758f960e204f351ff0399263e02dbcfb8c086c7de10d2a776135ac2ae