746fd8e299a5542658c051d08765f327f3c3e48248698a29cf57f151a282b157

Analysis

max time kernel
149s
max time network
147s
platform
debian-9_mips
resource
debian9-mipsbe-20240418-en
resource tags

arch:mipsimage:debian9-mipsbe-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
submitted
11/08/2024, 15:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

8adfc3cc5e225440684e74b7f7994933_JaffaCakes118
Size

1.1MB
MD5

8adfc3cc5e225440684e74b7f7994933
SHA1

fbc72c5bc436a7565d994886e238b80731e373b8
SHA256

746fd8e299a5542658c051d08765f327f3c3e48248698a29cf57f151a282b157
SHA512

e9dda159470640c11a6832f8d6be355d90b32c9c1fa7b938b47fc37fdeb459ccb17a8edeed8e0c065f107c7b04eed4b8dea5290543564a7732d3ae8c4c57acfa
SSDEEP

24576:qsFkPsgRseqq7s7L23vHkF/CZ5lfwNjcpzdmMqMSjG2oedCp/mpyS1tFhextK:leLsL23vEF/CZ5lfwNjcpzdmMqMSjG2F

Score

4^/10

Malware Config

Signatures

Reads CPU attributes 1 TTPs 1 IoCs

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/devices/system/cpu/online	8adfc3cc5e225440684e74b7f7994933_JaffaCakes118

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

System Network Configuration Discovery

T1016

description	ioc	Process
File opened for reading	/proc/net/dev	8adfc3cc5e225440684e74b7f7994933_JaffaCakes118

Reads runtime system information 7 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/stat	8adfc3cc5e225440684e74b7f7994933_JaffaCakes118
File opened for reading	/proc/filesystems	sed
File opened for reading	/proc/filesystems	sed

/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118
/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118
1⤵
- Reads CPU attributes
- Reads system network configuration
- Reads runtime system information
PID:705
- /bin/sh
  sh -c "sed -i -e '/exit/d' /etc/rc.local"
  2⤵
  PID:707
- - /bin/sed
    sed -i -e /exit/d /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:708
- /bin/sh
  sh -c "sed -i -e '/^ | | \$/d' /etc/rc.local"
  2⤵
  PID:711
- - /bin/sed
    sed -i -e "/^ | | \$/d" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:713
- /bin/sh
  sh -c "sed -i -e '/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot/d' /etc/rc.local"
  2⤵
  PID:718
- - /bin/sed
    sed -i -e "/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot/d" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:720
- /bin/sh
  sh -c "sed -i -e '2 i/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot' /etc/rc.local"
  2⤵
  PID:723
- - /bin/sed
    sed -i -e "2 i/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot" /etc/rc.local
    3⤵
    - Reads runtime system information
    PID:725
- /bin/sh
  sh -c "sed -i -e '2 i/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot start' /etc/rc.d/rc.local"
  2⤵
  PID:727
- - /bin/sed
    sed -i -e "2 i/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot start" /etc/rc.d/rc.local
    3⤵
    - Reads runtime system information
    PID:729
- /bin/sh
  sh -c "sed -i -e '2 i/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot start' /etc/init.d/boot.local"
  2⤵
  PID:732
- - /bin/sed
    sed -i -e "2 i/tmp/8adfc3cc5e225440684e74b7f7994933_JaffaCakes118 reboot start" /etc/init.d/boot.local
    3⤵
    - Reads runtime system information
    PID:734

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...