Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240729-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240729-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  • submitted
    29-07-2024 05:26

General

  • Target

    399176415f868f4635f2ebc0f16e4676_JaffaCakes118

  • Size

    2.3MB

  • MD5

    399176415f868f4635f2ebc0f16e4676

  • SHA1

    c6637bb1d77cc394af34c71efd15f9de31210050

  • SHA256

    8e2219230f2e3f5978f48a74e2184a42f4557ea99b9baace3834a73b5f5e3010

  • SHA512

    22d3c07c9b60f8856337bfa32c9f3c3b7fcdc797a3d5b64991afa948d6235ab5bab85658f95c72f8e38996cd0e613df4120d74aa2e03533991487d99d2aba9ad

  • SSDEEP

    49152:FcXS0KUlIx32lkpQmQkpfb4Zs7SLGHrWu9Paue/Rr/S+iGonw3Eb0Q4eHJHme6V4:FcXS1UlIx32lk7pfb4Zs7SL7J1B/SMo9

Score
7/10

Malware Config

Signatures

  • Deletes itself (2 IoCs)
  • Executes dropped EXE (3 IoCs)
  • Checks CPU configuration (1 TTP, 1 IoC)

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads system network configuration (1 TTP, 1 IoC)

    Uses the contents of the /proc filesystem to enumerate network settings.

  • Reads runtime system information (5 IoCs)

    Reads data from the /proc virtual filesystem.

  • Writes file to tmp directory (5 IoCs)

    Malware often drops the files it needs into the /tmp directory.

Processes

  • /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118
    /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118
    1⤵
    PID:1340
    • /bin/sh
      sh -c "cp /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118 /tmp/freeBSD"
      2⤵
      PID:1341
      • /usr/bin/cp
        cp /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118 /tmp/freeBSD
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1342
    • /bin/sh
      sh -c "cp /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118 /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118a"
      2⤵
      PID:1344
      • /usr/bin/cp
        cp /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118 /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118a
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1345
    • /tmp/freeBSD
      /tmp/freeBSD /tmp/freeBSD 1
      2⤵
      • Deletes itself
      • Executes dropped EXE
      PID:1343
  • /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118a
    /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118a /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Writes file to tmp directory
    PID:1346
    • /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118
      2⤵
      • Executes dropped EXE
      • Checks CPU configuration
      • Reads system network configuration
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1347
    • /bin/sh
      sh -c "cp /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118a /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118"
      2⤵
      PID:1353
      • /usr/bin/cp
        cp /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118a /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118
        3⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1354

Network

MITRE ATT&CK Enterprise v15


Downloads

  • /tmp/399176415f868f4635f2ebc0f16e4676_JaffaCakes118

    Filesize
    1.3MB

    MD5
    08a05734595d2fdf700b2e4e5e513683

    SHA1
    daa4ca8a22a60845088f0a9f69a9938baea7eecc

    SHA256
    2c801bad37a668d45e125f509dd208473b319b4106b08d706a6a9e71b9753a6d

    SHA512
    380656eed4bcd98cef180dd03745bf6cd607ffb09b82c762d1491f39ee03ad034d0cf27ed92aeae179f65adc149fa91e21e9c8a2fe0a8d6606bbe22a5da5e4b1

  • /tmp/freeBSD

    Filesize
    2.3MB

    MD5
    399176415f868f4635f2ebc0f16e4676

    SHA1
    c6637bb1d77cc394af34c71efd15f9de31210050

    SHA256
    8e2219230f2e3f5978f48a74e2184a42f4557ea99b9baace3834a73b5f5e3010

    SHA512
    22d3c07c9b60f8856337bfa32c9f3c3b7fcdc797a3d5b64991afa948d6235ab5bab85658f95c72f8e38996cd0e613df4120d74aa2e03533991487d99d2aba9ad