Malware Analysis Report

2025-01-23 14:06

Sample ID 240829-s9gshs1fmn
Target c92129fc230bacd113530fee254fc2b6_JaffaCakes118
SHA256 60e24cb19a3cfdc88712f3511adfde242abff3c1915b34eeb19dd7cc72380df2
Tags: antivm

Score: 4/10

Analysis Overview

Score: 4/10

SHA256

60e24cb19a3cfdc88712f3511adfde242abff3c1915b34eeb19dd7cc72380df2

Threat Level: Likely benign

The file c92129fc230bacd113530fee254fc2b6_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary

antivm

Checks CPU configuration

Reads system network configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK (Enterprise Matrix V15)

Analysis: static1

Detonation Overview

Reported

2024-08-29 15:49

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-08-29 15:49

Reported

2024-08-29 15:51

Platform

ubuntu1804-amd64-20240508-en

Max time kernel

149s

Max time network

129s

Command Line

[/tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118]

Signatures

Checks CPU configuration (tag: antivm)

Description   File opened for reading
Indicator     /proc/cpuinfo
Process       /tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118
Target        N/A

Reads system network configuration

Description   File opened for reading
Indicator     /proc/net/dev
Process       /tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118
Target        N/A

Reads runtime system information

Description   File opened for reading
Indicator     /proc/stat
Process       /tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118
Target        N/A

Writes file to tmp directory

Description   File opened for modification
Indicator     /tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118\xmit.ini
Process       /tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118
Target        N/A

Processes

/tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118

[/tmp/c92129fc230bacd113530fee254fc2b6_JaffaCakes118]

Network

Country  Destination           Domain  Proto
N/A      224.0.0.251:5353              udp
US       198.40.53.109:6009            tcp
GB       185.125.188.61:443            tcp
GB       185.125.188.62:443            tcp
US       151.101.1.91:443              tcp
US       151.101.1.91:443              tcp
GB       195.181.164.14:443            tcp
US       198.40.53.109:6009            tcp
US       198.40.53.109:6009            tcp

Files

N/A