921dda66267b44ac01ac45e2fda0ef34c373fb550ebe0dc699cfa578dbc87eb8

Analysis

max time kernel
149s
max time network
128s
platform
ubuntu-22.04_amd64
resource
ubuntu2204-amd64-20240729-en
resource tags

arch:amd64arch:i386image:ubuntu2204-amd64-20240729-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
submitted
10/08/2024, 21:08

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
Size

94KB
MD5

87ae7aa0b34dab70967daf70532f90bb
SHA1

9df47b96cfb39778d14bb01dd492ccf8eb0c7eb6
SHA256

921dda66267b44ac01ac45e2fda0ef34c373fb550ebe0dc699cfa578dbc87eb8
SHA512

3cde9307ddfac4fcc6b71c6390b077d5f59d9b9b2050a0ceba01f4f511643e9905112364e4b0231d160bb6107e27213c7c8c717808c19de52a5b2b30755576d0
SSDEEP

1536:E277J003UDTAUX8ELTXlPZ3KHHnJ3mjMQfbPKiFKjoewTqgqGYl2oPVMtceIt:E277J003uTAUX8OTlPZ3eHJ3i1jyzoeV

Score

7^/10

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
1561	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118

Enumerates running processes
Discovers information about currently running processes on the system

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/route	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118

Reads CPU attributes 1 TTPs 4 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill
File opened for reading	/sys/devices/system/cpu/online	pkill

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/route	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118

Reads runtime system information 64 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/229073/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/362034/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/631192/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/162447/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/306708/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/337454/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/376566/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/436418/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/570362/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/261950/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/948026/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/298455/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/607480/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/797773/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/903328/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/122213/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/483960/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/527054/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/776166/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/350987/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/920572/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/390023/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/624862/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/803285/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/966558/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/984969/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/274167/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/468408/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/576587/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/832008/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/610242/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/639534/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/355163/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/511577/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/770527/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/919337/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/19985/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/119556/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/192336/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/420183/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/470649/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/485888/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/834532/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/960574/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/955735/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/17804/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/74872/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/361506/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/829532/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/315656/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/423933/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/775016/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/440057/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/440892/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/631865/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/862817/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/12667/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/422173/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/8758/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/206888/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/390695/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/493037/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/565945/maps	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
File opened for reading	/proc/600283/cmdline	87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118

/tmp/87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
/tmp/87ae7aa0b34dab70967daf70532f90bb_JaffaCakes118
1⤵
- Deletes itself
- Reads system routing table
- Reads system network configuration
- Reads runtime system information
PID:1561
- /bin/sh
  sh -c "kill -9 1562;pkill -9 1562 "
  2⤵
  PID:1568
- - /usr/bin/pkill
    pkill -9 "1562 "
    3⤵
    - Reads CPU attributes
    PID:1569
- /bin/sh
  sh -c "kill -9 1563;pkill -9 1563 "
  2⤵
  PID:1570
- - /usr/bin/pkill
    pkill -9 "1563 "
    3⤵
    - Reads CPU attributes
    PID:1571
- /bin/sh
  sh -c "kill -9 1564;pkill -9 1564 "
  2⤵
  PID:1572
- - /usr/bin/pkill
    pkill -9 "1564 "
    3⤵
    - Reads CPU attributes
    PID:1576
- /bin/sh
  sh -c "kill -9 1567;pkill -9 1567 "
  2⤵
  PID:1577
- - /usr/bin/pkill
    pkill -9 "1567 "
    3⤵
    - Reads CPU attributes
    PID:1578

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads