Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    28-07-2024 04:22

General

  • Target

    08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118

  • Size

    1.1MB

  • MD5

    08e635ad50de0e51bcce87bbae1d424b

  • SHA1

    912579d64cdd6e04a6b7111ea611d1e4fee2e88d

  • SHA256

    63bc03d3d2fe38d005b5ee7f629aa0d9f1b8ebfb415471ee829284267b29450f

  • SHA512

    80f58194aaebb06957e324919a3573d1c0aca7f0766094398010ecf3d84be304e7732e7c60f3f493e1a82c8e1a990ab65a79bb54c044e1f713afb30bccf47670

  • SSDEEP

    24576:8SlXre0q1r+GsNUV81TSCi1RDDJpPX93k1erknwbrA7nrq3BIiZh:8SNt4rONU6NoD3X0ewwnA7nyCiP

Score
7/10

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118
    /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118
    1⤵
    PID:1509
    • /bin/sh
      sh -c "cp /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118 /tmp/freeBSD"
      2⤵
      PID:1510
      • /usr/bin/cp
        cp /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118 /tmp/freeBSD
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1511
    • /bin/sh
      sh -c "cp /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118 /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118a"
      2⤵
      PID:1513
      • /usr/bin/cp
        cp /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118 /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118a
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1514
    • /tmp/freeBSD
      /tmp/freeBSD /tmp/freeBSD 1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1512
  • /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118a
    /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118a /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Writes file to tmp directory
    PID:1515
    • /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118
      2⤵
      • Executes dropped EXE
      • Checks CPU configuration
      • Reads system network configuration
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1516
    • /bin/sh
      sh -c "cp /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118a /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118"
      2⤵
      PID:1523
      • /usr/bin/cp
        cp /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118a /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1524

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/08e635ad50de0e51bcce87bbae1d424b_JaffaCakes118

    Filesize
    1.3MB

    MD5
    2a2c922ee8da011c0d8f6b4bff7710d9

    SHA1
    825e26405d3d474e82818e23b4851bcd24552479

    SHA256
    5a908ec622fa0dee4aa4eb364d569950c8725c07d16a16a68dc84bed0027608b

    SHA512
    430cf621238637fb0c6191ed0439c472017a7fe2d4855c1205c4dd256141ae49fc00028ab655550592040f7747b4a1ce4131b5e3846e8e8dcfe9d9491046a90d

  • /tmp/freeBSD

    Filesize
    1.1MB

    MD5
    08e635ad50de0e51bcce87bbae1d424b

    SHA1
    912579d64cdd6e04a6b7111ea611d1e4fee2e88d

    SHA256
    63bc03d3d2fe38d005b5ee7f629aa0d9f1b8ebfb415471ee829284267b29450f

    SHA512
    80f58194aaebb06957e324919a3573d1c0aca7f0766094398010ecf3d84be304e7732e7c60f3f493e1a82c8e1a990ab65a79bb54c044e1f713afb30bccf47670

  • memory/1509-1-0x0000000008048000-0x00000000082a063c-memory.dmp

  • memory/1512-2-0x0000000008048000-0x00000000082a063c-memory.dmp

  • memory/1515-3-0x0000000008048000-0x00000000082a063c-memory.dmp