Analysis

  • max time kernel
    149s
  • max time network
    148s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    28-07-2024 16:40

General

  • Target

    17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118

  • Size

    2.4MB

  • MD5

    17f5e59fcd4e55d0cc56e080fe5ce4b4

  • SHA1

    4e7dfdc42b1364fcc47d49664220c99891daa761

  • SHA256

    512183f4f032655ddcc163c995e3da7d7aa37202e457fb25c212cfc45c3f2e5f

  • SHA512

    458ea7bcf2e8dcfd49601df7f79a9932276d9066b59b740d5fecd342a4de0a93a0707cc72283380b15f8ad8562280ba784fa826fbcf095e7a18ef8a6cbbeeeaf

  • SSDEEP

    49152:GcXSFzulIxJ2lG4EmR8pfbTZsDjai1HrkEgJRuYaEWJbiGVetR65nZmRHX0gFJKM:GcXS1ulIxJ2lGHpfbTZsDjDaRnkiGURJ

Score
7/10

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118
    /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118
    1⤵
    PID:1508
    • /bin/sh
      sh -c "cp /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118 /tmp/conimet"
      2⤵
      PID:1509
      • /usr/bin/cp
        cp /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118 /tmp/conimet
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1510
    • /bin/sh
      sh -c "cp /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118 /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118a"
      2⤵
      PID:1512
      • /usr/bin/cp
        cp /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118 /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118a
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1513
    • /tmp/conimet
      /tmp/conimet /tmp/conimet 1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1511
  • /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118a
    /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118a /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Writes file to tmp directory
    PID:1514
    • /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118
      2⤵
      • Executes dropped EXE
      • Checks CPU configuration
      • Reads system network configuration
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1515
    • /bin/sh
      sh -c "cp /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118a /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118"
      2⤵
      PID:1520
      • /usr/bin/cp
        cp /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118a /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1521

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/17f5e59fcd4e55d0cc56e080fe5ce4b4_JaffaCakes118

    Filesize
    1.4MB

    MD5
    dffc8eaf00c21b5c1c273c7e265229e0

    SHA1
    45d44447b31fd18495e5bbd26f01d935e5f9424b

    SHA256
    f6260c40e72cf02acdc0c7ce7fe8ae4d3455500e8fb2f7a7caf6a34a6506a44a

    SHA512
    1517c24518a91ea25bd3ac712daa9f67637d48860e51602ce59a1de4741dda6f8cda63c08390c6c879da9a8e63691446480cc560118dd6edb5cb75e1ebac1f41

  • /tmp/conimet

    Filesize
    2.4MB

    MD5
    17f5e59fcd4e55d0cc56e080fe5ce4b4

    SHA1
    4e7dfdc42b1364fcc47d49664220c99891daa761

    SHA256
    512183f4f032655ddcc163c995e3da7d7aa37202e457fb25c212cfc45c3f2e5f

    SHA512
    458ea7bcf2e8dcfd49601df7f79a9932276d9066b59b740d5fecd342a4de0a93a0707cc72283380b15f8ad8562280ba784fa826fbcf095e7a18ef8a6cbbeeeaf