Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu2204-amd64-20240611-en
    kernel:5.15.0-105-generic
    locale:en-us
    os:ubuntu-22.04-amd64
    system
  • submitted
    30-08-2024 08:12

General

  • Target

    ca785e533e644889320e1c4782debf7b_JaffaCakes118

  • Size

    1.1MB

  • MD5

    ca785e533e644889320e1c4782debf7b

  • SHA1

    81c26ef5d51bc1e93abe5d56de9d68ebf6e3b42e

  • SHA256

    d4a70373861d049caeff39740346b3121cef99571f5591e6ca18c3f76b95657c

  • SHA512

    267efd0fb5c9771367f7ad3d370e1d6083eedd7c302c4b08560bae204d8904ba5e32ef840249a1f668e707d8e09a8f43a22d6927f0ebc2b825eaa2a5f4a3094e

  • SSDEEP

    24576:8SlXre0q1r+GsNUV81TSCi1RAi2siFvO0LxT0OhCw3Tjkz3YPbk:8SNt4rONU6NO2JvLxIFwjon

Score
7/10

Malware Config

Signatures

  • Deletes itself 2 IoCs
  • Executes dropped EXE 3 IoCs
  • UPX packed file 1 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information that indicates whether the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 5 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 5 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118
    /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118
    1⤵
      PID:1573
      • /bin/sh
        sh -c "cp /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118 /tmp/freeBSD"
        2⤵
          PID:1587
          • /usr/bin/cp
            cp /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118 /tmp/freeBSD
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1589
        • /tmp/freeBSD
          /tmp/freeBSD /tmp/freeBSD 1
          2⤵
          • Deletes itself
          • Executes dropped EXE
          PID:1590
        • /bin/sh
          sh -c "cp /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118 /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118a"
          2⤵
            PID:1591
            • /usr/bin/cp
              cp /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118 /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118a
              3⤵
              • Reads runtime system information
              • Writes file to tmp directory
              PID:1600
        • /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118a
          /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118a /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118
          1⤵
          • Deletes itself
          • Executes dropped EXE
          • Writes file to tmp directory
          PID:1605
          • /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118
            2⤵
            • Executes dropped EXE
            • Checks CPU configuration
            • Reads system network configuration
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1606
          • /bin/sh
            sh -c "cp /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118a /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118"
            2⤵
              PID:1616
              • /usr/bin/cp
                cp /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118a /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118
                3⤵
                • Reads runtime system information
                • Writes file to tmp directory
                PID:1617

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/ca785e533e644889320e1c4782debf7b_JaffaCakes118

    Filesize

    1.3MB

    MD5

    91450d6fa9824d86424ccaae4e089629

    SHA1

    961b2f27081ee83b43ec6b0dd2d1aea59942d3f0

    SHA256

    aa9d435d8a7e9331a9d2400435e6c98ed876050f6acd0a2ecfa3eb3435ed8221

    SHA512

    d93f44c8c1af0047baa261bdca2dc60d1d4c28c8e0adcb65c1eb8f411c951dda49bad7eb69e82ac9cc0a808db8048740d68dc58aa13759eba575ae975c869da8

  • /tmp/freeBSD

    Filesize

    1.1MB

    MD5

    ca785e533e644889320e1c4782debf7b

    SHA1

    81c26ef5d51bc1e93abe5d56de9d68ebf6e3b42e

    SHA256

    d4a70373861d049caeff39740346b3121cef99571f5591e6ca18c3f76b95657c

    SHA512

    267efd0fb5c9771367f7ad3d370e1d6083eedd7c302c4b08560bae204d8904ba5e32ef840249a1f668e707d8e09a8f43a22d6927f0ebc2b825eaa2a5f4a3094e