b56c9647fa8e06213d0eeaf6542a6b15d5d96d074b2cfdc7229b8d97e3134017

Analysis

max time kernel
120s
max time network
140s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
18-09-2024 06:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

e8835433c962ff9bdc01d636ec60e84f_JaffaCakes118
Size

105KB
MD5

e8835433c962ff9bdc01d636ec60e84f
SHA1

4ff03e052679feb2fe227a2e60b3ad552735448d
SHA256

b56c9647fa8e06213d0eeaf6542a6b15d5d96d074b2cfdc7229b8d97e3134017
SHA512

2706633074883923b7bb601bada972aab812b03012eb2ed31a4b4170e148d5ec8ae93b7636c5aa6c5e48eb7936164b50036ed95a635f6cafed468c71af0b8c19
SSDEEP

3072:wcrCEtwwHH12Kk2oQOGqEphahyDtjoKt28wdOD:dH8Kk5PEphahyDtjoKt28wdOD

Score

7^/10

discovery

Malware Config

Signatures

Deletes itself 1 IoCs

pid	Process
2459	e8835433c962ff9bdc01d636ec60e84f_JaffaCakes118

Reads system routing table 1 TTPs 1 IoCs

Gets active network interfaces from /proc virtual filesystem.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	e8835433c962ff9bdc01d636ec60e84f_JaffaCakes118

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	6tdpqv6tpwx1466qz8qi5q2qi48ptcp4	2459	e8835433c962ff9bdc01d636ec60e84f_JaffaCakes118

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/route	e8835433c962ff9bdc01d636ec60e84f_JaffaCakes118

/tmp/e8835433c962ff9bdc01d636ec60e84f_JaffaCakes118
/tmp/e8835433c962ff9bdc01d636ec60e84f_JaffaCakes118
1⤵
- Deletes itself
- Reads system routing table
- Changes its process name
- Reads system network configuration
PID:2459

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads