Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    28-07-2024 16:39

General

  • Target

    17ebd53ea0834244677e4b6214c69192_JaffaCakes118

  • Size

    2.4MB

  • MD5

    17ebd53ea0834244677e4b6214c69192

  • SHA1

    056a4e25c5e569f46d90d892793b078b131d1132

  • SHA256

    7cfa4573cad5c3387f58cbf1e49ed6210fbeb4de06e814a9b35ecbd933144f0a

  • SHA512

    b82439bbc33253452b3b6985f8638d63c6e3e5dd5e1f2651d8850303b69f31d2cb017360468d3f964bea7c39af97043b687e9e659bd4352562a07e968e8fd258

  • SSDEEP

    49152:GcXSFzulIxJ2lG4EmR8pfbTZsDjai1HrkEgJRuYabWJbiGVetR65nZmRHX0gFJKM:GcXS1ulIxJ2lGHpfbTZsDjDaRnRiGURJ

Score
7/10

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118
    /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118
    1⤵
      PID:1511
      • /bin/sh
        sh -c "cp /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118 /tmp/freeBSD"
        2⤵
          PID:1512
          • /usr/bin/cp
            cp /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118 /tmp/freeBSD
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1513
        • /bin/sh
          sh -c "cp /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118 /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118a"
          2⤵
            PID:1515
            • /usr/bin/cp
              cp /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118 /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118a
              3⤵
              • Reads runtime system information
              • Writes file to tmp directory
              PID:1516
          • /tmp/freeBSD
            /tmp/freeBSD /tmp/freeBSD 1
            2⤵
            • Deletes itself
            • Executes dropped EXE
            PID:1514
        • /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118a
          /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118a /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118
          1⤵
          • Deletes itself
          • Executes dropped EXE
          • Writes file to tmp directory
          PID:1517
          • /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118
            2⤵
            • Executes dropped EXE
            • Checks CPU configuration
            • Reads system network configuration
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1518
          • /bin/sh
            sh -c "cp /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118a /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118"
            2⤵
              PID:1523
              • /usr/bin/cp
                cp /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118a /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118
                3⤵
                • Reads runtime system information
                • Writes file to tmp directory
                PID:1524

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /tmp/17ebd53ea0834244677e4b6214c69192_JaffaCakes118

    Filesize

    1.4MB

    MD5

    0bc785619a6a46d1f931de5fd34e6912

    SHA1

    aaeece46bda245f0a3199231cfe99837c195b6b5

    SHA256

    19212bbee34e2ed8ec9c583ed3d95d7d682e78895133dc19bf53ddce7e5d69af

    SHA512

    0bf581ff1df47258f19ac060c88b0ec7a06e114c4cec989a3fb27d4ef13b9f7dfccebfc3cf32107c3efbd4ed6b944adbd2cb8abe1739a5621dbf489dacc01494

  • /tmp/freeBSD

    Filesize

    2.4MB

    MD5

    17ebd53ea0834244677e4b6214c69192

    SHA1

    056a4e25c5e569f46d90d892793b078b131d1132

    SHA256

    7cfa4573cad5c3387f58cbf1e49ed6210fbeb4de06e814a9b35ecbd933144f0a

    SHA512

    b82439bbc33253452b3b6985f8638d63c6e3e5dd5e1f2651d8850303b69f31d2cb017360468d3f964bea7c39af97043b687e9e659bd4352562a07e968e8fd258