1508b00b2e19baf5908399611bdf94543b91a4fc9fca2eaeee3d7687f5401a0c

Analysis

max time kernel
139s
max time network
148s
platform
ubuntu-24.04_amd64
resource
ubuntu2404-amd64-20240523-en
resource tags

arch:amd64arch:i386image:ubuntu2404-amd64-20240523-enkernel:6.8.0-31-genericlocale:en-usos:ubuntu-24.04-amd64system
submitted
26/09/2024, 13:11

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

f8718add84732dd6660894179dbfccd8_JaffaCakes118
Size

8.2MB
MD5

f8718add84732dd6660894179dbfccd8
SHA1

4068a93f57e927ae34a4b269772672bbca7721c0
SHA256

1508b00b2e19baf5908399611bdf94543b91a4fc9fca2eaeee3d7687f5401a0c
SHA512

b62a232ff83421c0373b2269ac884f1bbfecf46d1225ef6979faa5248d97238e789dc8d69de0c3617929045342e91ae983f9aeccb168331b4526cf3ab2ebaf8c
SSDEEP

49152:fiLFADAYRjNVSxL2uT+sl1Yot57L/7/FmHCPb9b/c1f77MzJ471ac1m4tazngbW/:XaxMutFL/BwabreC4z6hLD7RBxtqNOX

Score

6^/10

antivm discovery execution persistence privilege_escalatio

Malware Config

Signatures

Creates/modifies Cron job 1 TTPs 1 IoCs

Cron allows running tasks on a schedule, and is commonly used for malware persistence.

execution persistence privilege_escalatio

Cron

T1053.003

description	ioc	Process
File opened for modification	/var/spool/cron/crontabs/tmp.oWZaVT	crontab

Checks CPU configuration 1 TTPs 2 IoCs

Checks CPU information which indicate if the system is a virtual machine.

antivm

System Checks

T1497.001

description	ioc	Process
File opened for reading	/proc/cpuinfo	cat
File opened for reading	/proc/cpuinfo	cat

Reads runtime system information 4 IoCs

Reads data from /proc virtual filesystem.

discovery

description	ioc	Process
File opened for reading	/proc/sys/net/core/somaxconn	f8718add84732dd6660894179dbfccd8_JaffaCakes118
File opened for reading	/proc/version	cat
File opened for reading	/proc/sys/net/core/somaxconn	f8718add84732dd6660894179dbfccd8_JaffaCakes118
File opened for reading	/proc/version	cat

System Network Configuration Discovery 1 TTPs 1 IoCs

Adversaries may gather information about the network configuration of a system.

discovery

System Network Configuration Discovery

T1016

pid	Process
2506	crontab

Writes file to tmp directory 3 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/.pid	f8718add84732dd6660894179dbfccd8_JaffaCakes118
File opened for modification	/tmp/nip9iNeiph5chee	f8718add84732dd6660894179dbfccd8_JaffaCakes118
File opened for modification	/tmp/[stealth].pid	f8718add84732dd6660894179dbfccd8_JaffaCakes118

/tmp/f8718add84732dd6660894179dbfccd8_JaffaCakes118
/tmp/f8718add84732dd6660894179dbfccd8_JaffaCakes118
1⤵
- Reads runtime system information
- Writes file to tmp directory
PID:2482
- /usr/bin/cat
  cat /proc/version
  2⤵
  - Reads runtime system information
  PID:2487
- /usr/bin/cat
  cat /proc/cpuinfo
  2⤵
  - Checks CPU configuration
  PID:2489
- /usr/bin/uname
  uname -a
  2⤵
  PID:2490
- /usr/bin/getconf
  getconf LONG_BIT
  2⤵
  PID:2492
- /tmp/f8718add84732dd6660894179dbfccd8_JaffaCakes118
  "[stealth]"
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:2493
- - /usr/bin/cat
    cat /proc/version
    3⤵
    - Reads runtime system information
    PID:2500
- - /usr/bin/cat
    cat /proc/cpuinfo
    3⤵
    - Checks CPU configuration
    PID:2502
- - /usr/bin/uname
    uname -a
    3⤵
    PID:2504
- - /usr/bin/getconf
    getconf LONG_BIT
    3⤵
    PID:2505
- - /usr/bin/crontab
    /usr/bin/crontab /tmp/nip9iNeiph5chee
    3⤵
    - Creates/modifies Cron job
    - System Network Configuration Discovery
    PID:2506

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Cron

T1053.003

Persistence

Scheduled Task/Job

T1053

Cron

T1053.003

Privilege Escalation

Scheduled Task/Job

T1053

Cron

T1053.003

Defense Evasion

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Credential Access

Discovery

System Network Configuration Discovery

T1016

Virtualization/Sandbox Evasion

T1497

System Checks

T1497.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/.pid

Filesize
4B

MD5
8a20a8621978632d76c43dfd28b67767

SHA1
e49dbfbfaa86b43a427503610f86eb84cffc1edd

SHA256
13b3f39cb74686a176eb0f364ffe4e5e38c9bfa5bb9a8bd1624135ce306ef3d0

SHA512
f38508b4489e78cbe3ed9a84dfafce6bbb5091d36cc4b5b662ee93b3dcd7e2884b82c7c45643f8de9887948d9c8aa2aea2176e7a48160bc9b8e0f6bea47b1b8e

Download Submit
/tmp/nip9iNeiph5chee

Filesize
80B

MD5
bbfe70cc45df8956983ad95b5d4dcb3f

SHA1
0e5d66900b978ee8f64c420f63dc33874d2d91bb

SHA256
1ebf984c8d57e04b8f9629a5f86f5de6e7e850597265622cb58ded2819072712

SHA512
2d8372c5e3f4a553084548e9350476da620c0dcbc9a322a06c2a0e166c7024236c8c12151a3e13b8377347202b1215e11959d058a27bad1277ac661fa8a26b72

Download Submit
/var/spool/cron/crontabs/tmp.oWZaVT

Filesize
274B

MD5
862672a31dc3feb5c8ada7025987f7e1

SHA1
468e08561fd67546fd1093587b545c2438aa158d

SHA256
1964d6a81d659115b7700fe5523260da7ce45dc57b7a73c14fc67fc5254c8a42

SHA512
df1fb6099dba0479ab83e99617b6f12cc9eea5f7c51e2c7429f48c5a8882e3d4e131bee7947c375bc75dc23b83bfac7697f1478633108da09cd6c38f2123da2b

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads