Analysis

  • max time kernel
    149s
  • max time network
    134s
  • platform
    ubuntu-20.04_amd64
  • resource
    ubuntu2004-amd64-20240611-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  • submitted
    31-08-2024 09:01

General

  • Target

    cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118

  • Size

    1.1MB

  • MD5

    cc85aa29aaefeb42659d1fea3a84bf91

  • SHA1

    cdaed4c668a6028337855f156556c311e0c3fc3e

  • SHA256

    1511b961af2df26097d353ea30e24acc5372af97c77dd510ed42a7526005535e

  • SHA512

    5ece883badd8f84e9be54d2b6303913243c3cda2d76e40bd8a60952743d5cb90437e600cdbb295ae2e751315e0b0ccbbd85b2c24b7475e7e720a54bd512d4200

  • SSDEEP

    24576:8SlXre0q1r+GsNUV81TSCi1R5qoaMeLCA10vbG62OgH4/okMcEbpdUu58:8SNt4rONU6NUqoaVbKFgHCofcENdUu58

Score
7/10

Malware Config

Signatures

  • Deletes itself (2 IoCs)
  • Executes dropped EXE (3 IoCs)
  • UPX packed file (1 IoC)

    Detects executables packed with UPX or with a modified build of the open-source UPX packer.

  • Checks CPU configuration (1 TTP, 1 IoC)

    Reads CPU information that can indicate whether the system is a virtual machine.

  • Reads system network configuration (1 TTP, 1 IoC)

    Uses the contents of the /proc filesystem to enumerate network settings.

  • Reads runtime system information (5 IoCs)

    Reads data from the /proc virtual filesystem.

  • Writes file to tmp directory (5 IoCs)

    Malware often drops the files it needs in the /tmp directory.
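
The two signatures above that a triage engineer most often wants to reproduce by hand are the UPX check and the CPU/hypervisor check. The following is added example code, not the sandbox's signature engine: one function scans a raw executable image for the marker strings the stock UPX stub leaves behind (and flags the "banner present, magic missing" pattern typical of modified UPX), the other parses /proc/cpuinfo text for the `hypervisor` CPU flag and VM product names. The ELF blobs and cpuinfo texts at the bottom are constructed for the demo and are not taken from the analysed sample.

```python
"""Added example: re-implement the 'UPX packed file' and 'Checks CPU
configuration' checks from the signature list. Not the sandbox's own code;
marker strings and the sample inputs below are constructed for the demo."""

# Byte patterns the stock UPX stub leaves in packed ELF files.
UPX_MAGIC = b"UPX!"                       # l_magic of the UPX loader header
UPX_INFO = b"$Info: This file is packed with the UPX executable packer"
UPX_ID = b"$Id: UPX "                     # version banner, e.g. "$Id: UPX 3.96 ..."
ELF_MAGIC = b"\x7fELF"


def upx_indicators(data: bytes) -> dict:
    """Report which UPX markers are present in a raw executable image.
    `modified_upx` is set when the banner strings are present but the
    'UPX!' magic is gone: stripping or renaming it is a common trick to
    defeat naive `upx -d` while keeping the stub intact."""
    has_magic = UPX_MAGIC in data
    has_banner = UPX_INFO in data or UPX_ID in data
    return {
        "is_elf": data.startswith(ELF_MAGIC),
        "upx_magic": has_magic,
        "upx_banner": has_banner,
        "packed": has_magic or has_banner,
        "modified_upx": has_banner and not has_magic,
    }


# Substrings of vendor_id / model name that name a VM product.
VM_MODEL_MARKERS = ("qemu", "virtual", "kvm", "vmware", "xen", "hyper-v")


def cpuinfo_vm_hints(cpuinfo_text: str) -> dict:
    """Parse /proc/cpuinfo text the way a sample would and report
    hypervisor hints: the 'hypervisor' flag (the guest kernel sets it when
    CPUID leaf 1 ECX bit 31 is on) and model/vendor strings naming a VM."""
    flags = set()
    names = []
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "flags":
            flags.update(value.split())
        elif key in ("model name", "vendor_id"):
            names.append(value.lower())
    hypervisor_flag = "hypervisor" in flags
    model_hit = any(m in n for n in names for m in VM_MODEL_MARKERS)
    return {
        "hypervisor_flag": hypervisor_flag,
        "vm_model_string": model_hit,
        "looks_virtual": hypervisor_flag or model_hit,
    }


# Constructed sample inputs (not the analysed file, not a real host).
PACKED_SAMPLE = (ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 9
                 + b"UPX!\x0d\x0c\x08\x00" + b"\x00" * 64
                 + UPX_INFO + b" https://upx.sf.net $\n" + b"\x00" * 16)
STRIPPED_MAGIC_SAMPLE = PACKED_SAMPLE.replace(UPX_MAGIC, b"FOO!")
PLAIN_SAMPLE = ELF_MAGIC + b"\x02\x01\x01" + b"\x00" * 200

VM_CPUINFO = """processor\t: 0
vendor_id\t: GenuineIntel
model name\t: Intel Xeon Processor (Skylake, IBRS)
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep hypervisor ssse3 sse4_2
"""
BARE_METAL_CPUINFO = """processor\t: 0
vendor_id\t: AuthenticAMD
model name\t: AMD Ryzen 7 5800X 8-Core Processor
flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep ssse3 sse4_2
"""

if __name__ == "__main__":
    for name, blob in (("packed", PACKED_SAMPLE),
                       ("stripped", STRIPPED_MAGIC_SAMPLE),
                       ("plain", PLAIN_SAMPLE)):
        print(name, upx_indicators(blob))
    print("vm", cpuinfo_vm_hints(VM_CPUINFO))
    print("bare", cpuinfo_vm_hints(BARE_METAL_CPUINFO))
```

To run the first check against a real file, pass `open(path, "rb").read()` to `upx_indicators`; to run the second on the host you are on, pass `open("/proc/cpuinfo").read()` to `cpuinfo_vm_hints`. Absence of the `hypervisor` flag is not proof of bare metal, since a hypervisor can mask CPUID bits, which is why samples often combine this check with the /proc network and DMI reads the other signatures describe.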

Processes

  • /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118
    /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118
    1⤵
    PID:1404
      • /bin/sh
        sh -c "cp /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118 /tmp/freeBSD"
        2⤵
        PID:1405
          • /usr/bin/cp
            cp /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118 /tmp/freeBSD
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1406
      • /tmp/freeBSD
        /tmp/freeBSD /tmp/freeBSD 1
        2⤵
        • Deletes itself
        • Executes dropped EXE
        PID:1410
      • /bin/sh
        sh -c "cp /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118 /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118a"
        2⤵
        PID:1411
          • /usr/bin/cp
            cp /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118 /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118a
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1412
  • /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118a
    /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118a /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118
    1⤵
    • Deletes itself
    • Executes dropped EXE
    • Writes file to tmp directory
    PID:1413
      • /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118
        2⤵
        • Executes dropped EXE
        • Checks CPU configuration
        • Reads system network configuration
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1414
      • /bin/sh
        sh -c "cp /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118a /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118"
        2⤵
        PID:1415
          • /usr/bin/cp
            cp /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118a /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118
            3⤵
            • Reads runtime system information
            • Writes file to tmp directory
            PID:1418
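
The tree above is a self-copy chain: the sample `cp`s itself to /tmp/freeBSD and to a path with an `a` suffix, runs each copy, and the copy finally overwrites the original path. The following added example (not the sandbox's rule code) replays that trace as a list of exec and `cp` events and re-derives the "Executes dropped EXE" verdicts from it, additionally marking a hit as a self-copy when the `cp` source is a binary that already ran in the trace. The event list is constructed from the PIDs and command lines shown on this page; the `sh -c` wrappers are left out because the `cp` children carry the same information, and the command line of PID 1414, which the page does not show, is set to its path here. File writes the sandbox observed other than `cp` are not on the page and are not modelled, so the logic cannot reproduce the verdict on PID 1414.

```python
"""Added example (not the sandbox's own rule code): derive 'Executes dropped
EXE' findings from an ordered trace of exec / cp events. The trace below is
constructed from the process tree on this page."""
import shlex
from dataclasses import dataclass


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    exe: str        # resolved executable path of the new process
    cmdline: str    # full command line as logged


@dataclass(frozen=True)
class DroppedExec:
    pid: int
    exe: str
    dropped_by: int   # pid of the cp that created the executable
    copied_from: str  # source operand of that cp
    self_copy: bool   # source is a path that already executed in this trace


def dropped_executables(events):
    """Walk the trace in order. Remember every `cp SRC DST`; flag any later
    exec whose path is a remembered DST. Mark it self_copy when SRC is a
    path that was itself executed earlier in the trace."""
    drops = {}          # dst path -> (cp pid, src path)
    executed = set()    # every exe path seen so far
    findings = []
    for ev in events:
        argv = shlex.split(ev.cmdline)
        if ev.exe == "/usr/bin/cp" and len(argv) == 3 and not argv[1].startswith("-"):
            drops[argv[2]] = (ev.pid, argv[1])
        elif ev.exe in drops:
            cp_pid, src = drops[ev.exe]
            findings.append(DroppedExec(ev.pid, ev.exe, cp_pid, src, src in executed))
        executed.add(ev.exe)
    return findings


# Constructed from the tree on this page. PID 1414's command line is not
# shown on the page and is assumed to be just its path.
SAMPLE = "/tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118"
TRACE = [
    ProcEvent(1404, SAMPLE, SAMPLE),
    ProcEvent(1406, "/usr/bin/cp", f"cp {SAMPLE} /tmp/freeBSD"),
    ProcEvent(1410, "/tmp/freeBSD", "/tmp/freeBSD /tmp/freeBSD 1"),
    ProcEvent(1412, "/usr/bin/cp", f"cp {SAMPLE} {SAMPLE}a"),
    ProcEvent(1413, SAMPLE + "a", f"{SAMPLE}a {SAMPLE}"),
    ProcEvent(1414, SAMPLE, SAMPLE),
    ProcEvent(1418, "/usr/bin/cp", f"cp {SAMPLE}a {SAMPLE}"),
]

if __name__ == "__main__":
    for finding in dropped_executables(TRACE):
        print(finding)
```

Run as-is it reports PIDs 1410 and 1413, both as self-copies of the original sample, which matches the page's verdicts on those two processes. PID 1414 is executed from the original path before the `cp` at PID 1418 rewrites it, so a `cp`-only view does not flag it; the page does, on the strength of the "Writes file to tmp directory" hit on its parent, and reproducing that needs write telemetry (for example auditd `open`/`write` records or an eBPF file-event source) fed into the same `drops` map.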

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/cc85aa29aaefeb42659d1fea3a84bf91_JaffaCakes118

    Filesize

    1.3MB

    MD5

    9cc45ca3218455a6d9fc20da1d7876e2

    SHA1

    4122ab96334e9745a7f1b06c6d3da9048a9bdab4

    SHA256

    08345e090465730e6b37c9c67b98d391880064db3e2d01d4adde4b113f276dc6

    SHA512

    c2a13b9b370ed401145200be47e60f89c0607d547e3b897c8751911ff1424da29ec3149d7fe07fcedba948f5392f39dfff7802a739933734249eb969db1422e7

  • /tmp/freeBSD

    Filesize

    1.1MB

    MD5

    cc85aa29aaefeb42659d1fea3a84bf91

    SHA1

    cdaed4c668a6028337855f156556c311e0c3fc3e

    SHA256

    1511b961af2df26097d353ea30e24acc5372af97c77dd510ed42a7526005535e

    SHA512

    5ece883badd8f84e9be54d2b6303913243c3cda2d76e40bd8a60952743d5cb90437e600cdbb295ae2e751315e0b0ccbbd85b2c24b7475e7e720a54bd512d4200