90be418508dffa4910e0fd27fd29627260bb3fab2147344c624f99c51fd56404

Analysis

max time kernel
11s
max time network
131s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240611-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
27-06-2024 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15c7b600329249a4895395e61a9a88fe_JaffaCakes118
Size

1KB
MD5

15c7b600329249a4895395e61a9a88fe
SHA1

9b0ea0243e1c9b94847c11f7b444122d41740a58
SHA256

90be418508dffa4910e0fd27fd29627260bb3fab2147344c624f99c51fd56404
SHA512

5cec126597949a66c1bb4a7c92a96f0d48b4b4db1557848692179bd09ba065c6a9e1d4d17335cf967489f0d853a03568dbf208af60e17eafc3931ca3ac9fc04d

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

cat

description ioc process

File opened for reading /proc/cpuinfo cat
Reads CPU attributes 1 TTPs 2 IoCs

System Information Discovery
T1082

Processes:

uptimefree

description ioc process

File opened for reading /sys/devices/system/cpu/online uptime
File opened for reading /sys/devices/system/cpu/online free

description	ioc	process
File opened for reading	/proc/cpuinfo	cat

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	uptime
File opened for reading	/sys/devices/system/cpu/online	free

Reads runtime system information 6 IoCs

Reads data from /proc virtual filesystem.

Processes:

freeuptimedf

description	ioc	process
File opened for reading	/proc/meminfo	free
File opened for reading	/proc/sys/kernel/osrelease	uptime
File opened for reading	/proc/uptime	uptime
File opened for reading	/proc/loadavg	uptime
File opened for reading	/proc/self/mountinfo	df
File opened for reading	/proc/sys/kernel/osrelease	free

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

15c7b600329249a4895395e61a9a88fe_JaffaCakes118

description ioc process

File opened for modification /tmp/info2 15c7b600329249a4895395e61a9a88fe_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/info2	15c7b600329249a4895395e61a9a88fe_JaffaCakes118

/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1497

/bin/uname
uname -a
2⤵
PID:1498

/bin/grep
grep inet
2⤵
PID:1500

/sbin/ifconfig
/sbin/ifconfig
2⤵
PID:1499

/usr/bin/uptime
uptime
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1501

/bin/cat
cat /proc/cpuinfo
2⤵
- Checks CPU configuration
PID:1502

/bin/cat
cat /etc/passwd
2⤵
PID:1503

/bin/cat
cat /etc/shadow
2⤵
PID:1504

/bin/df
df -h
2⤵
- Reads runtime system information
PID:1505

/usr/bin/free
free
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:1506

/bin/ping
ping -c 2 216.115.108.245
2⤵
PID:1507

/bin/cat
cat /etc/hosts
2⤵
PID:1512

/bin/sleep
sleep 5
2⤵
PID:1515

/bin/cat
cat info2
2⤵
PID:1524

/bin/uname
uname -a
2⤵
PID:1526

/bin/sleep
sleep 5
2⤵
PID:1527

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/info2
Filesize
4B

MD5
2bb6aed5111ef9726bcf6eef982ff32b

SHA1
4d49d894436449e792b0cdf8522584065b298c90

SHA256
e5e61fed291cefe8bd2c2b895b3001e679931c3d93f3597fb5e27b5bcae8f825

SHA512
5c0aa37c6fa67edf72abdd2f7789538d0a2c12a1fec2dc575ee1df3c1874a4bda33259b3b60127ef4365410d85c742a0fb463f920b99c30863ff3c502494b3bf

Download Submit
/tmp/info2
Filesize
136B

MD5
335ece3e9dba12747d3e10bb8db453dd

SHA1
03c7fbd3b7ac9aea1fb78136361a948513d89ee8

SHA256
ca61c9a13c329ab2e5b8171436f31ddea0d2283f7a2616e2d50e4656f9c63be4

SHA512
3c9e53b8c10ee9c8b8c727d9ed897b88773d2b201d961b945a0afdfe627bfe04ca258b35f2d409f9e4d93ac117bce3f503c29f36c4a65d0c4d389d181959a32e

Download Submit
/tmp/info2
Filesize
140B

MD5
b0b11628c9fc34dacdfa7064ad4e04b0

SHA1
e214b69b58448da323912968aad22e9148704847

SHA256
caa61489c7e16b8d6d829b03db34fa7b5d878adc6eaca3bb755fdab2749d3f52

SHA512
def71617c0672e34b8a98d4a6c851d36b839895d5b84d48dc4ee3023aff12072b1bbbc26f822aa2c17c6b935325d5fb7b7f4116cf87e1ac472eb1e73d1cecfcc

Download Submit
/tmp/info2
Filesize
141B

MD5
29ebed68cace8f8b5105c01253263b8e

SHA1
f1f23c180947993968dd7ace165936e21f598ac4

SHA256
4258bd3c42b7e89fbb33d60c5f2adc4216e87c77643202f7caecde87ac87c9ab

SHA512
39e8b1c4c6f8ac6634f4581bc152aaa2402a9cd99eccfb4430de0d694306390808cacab654e079ec2df779f9b7844a44277fc1039f4a403a98a5ebcdcdd53bac

Download Submit
/tmp/info2
Filesize
155B

MD5
8cb7586a325ebd65d8e4f23246986562

SHA1
48c5f5806446ecf76120daf4336bdf755f518ac3

SHA256
460c7ebd8b4f7c14b75e05d96307796cfb092fa88a8c0915e7ea115c9846f478

SHA512
a6adb0766e868481f2739010042554be44d90a1a9ea3c97411547579c55588bc3544227a2d73e8a966c0230a205a7c96d99e122ba832904376edc3787714453a

Download Submit
/tmp/info2
Filesize
5KB

MD5
f98849479006f7b7801f2c55e02be569

SHA1
27701cea48f1e0fd27586e0976c8b12f7195f29a

SHA256
e47942d84e33bdd142e170dbf479f017ee801d6c4007737f43eae9030e784782

SHA512
b32b4cf0d6fddf752d80b388572d0e96740525f3ac895321c03d987fda6926940160b7944aeacbe31bf47e9b6915dc3ec9c0ecb94e580e79fdd16c826abdc732

Download Submit