90be418508dffa4910e0fd27fd29627260bb3fab2147344c624f99c51fd56404

Analysis

max time kernel
13s
max time network
12s
platform
debian-9_mipsel
resource
debian9-mipsel-20240418-en
resource tags

arch:mipselimage:debian9-mipsel-20240418-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
submitted
27-06-2024 11:10

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

15c7b600329249a4895395e61a9a88fe_JaffaCakes118
Size

1KB
MD5

15c7b600329249a4895395e61a9a88fe
SHA1

9b0ea0243e1c9b94847c11f7b444122d41740a58
SHA256

90be418508dffa4910e0fd27fd29627260bb3fab2147344c624f99c51fd56404
SHA512

5cec126597949a66c1bb4a7c92a96f0d48b4b4db1557848692179bd09ba065c6a9e1d4d17335cf967489f0d853a03568dbf208af60e17eafc3931ca3ac9fc04d

Score

4^/10

antivm

Malware Config

Signatures

Checks CPU configuration 1 TTPs 1 IoCs
Checks CPU information which indicate if the system is a virtual machine.
antivm

Virtualization/Sandbox Evasion
T1497

Processes:

cat

description ioc process

File opened for reading /proc/cpuinfo cat

description	ioc	process
File opened for reading	/proc/cpuinfo	cat

Reads CPU attributes 1 TTPs 4 IoCs

System Information Discovery

T1082

Processes:

uptimefreeexim4exim4

description	ioc	process
File opened for reading	/sys/devices/system/cpu/online	uptime
File opened for reading	/sys/devices/system/cpu/online	free
File opened for reading	/sys/devices/system/cpu/online	exim4
File opened for reading	/sys/devices/system/cpu/online	exim4

Reads runtime system information 10 IoCs

Reads data from /proc virtual filesystem.

Processes:

uptimefreedfsendmailexim4

description	ioc	process
File opened for reading	/proc/sys/kernel/osrelease	uptime
File opened for reading	/proc/uptime	uptime
File opened for reading	/proc/filesystems	free
File opened for reading	/proc/sys/kernel/osrelease	free
File opened for reading	/proc/meminfo	free
File opened for reading	/proc/filesystems	uptime
File opened for reading	/proc/loadavg	uptime
File opened for reading	/proc/self/mountinfo	df
File opened for reading	/proc/sys/kernel/ngroups_max	sendmail
File opened for reading	/proc/sys/kernel/ngroups_max	exim4

Writes file to tmp directory 3 IoCs
Malware often drops required files in the /tmp directory.

Processes:

15c7b600329249a4895395e61a9a88fe_JaffaCakes118mail

description ioc process

File opened for modification /tmp/info2 15c7b600329249a4895395e61a9a88fe_JaffaCakes118
File opened for modification /tmp/muTv8Nkw mail
File opened for modification /tmp/muS0iO4b mail

description	ioc	process
File opened for modification	/tmp/info2	15c7b600329249a4895395e61a9a88fe_JaffaCakes118
File opened for modification	/tmp/muTv8Nkw	mail
File opened for modification	/tmp/muS0iO4b	mail

/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:704

/bin/uname
uname -a
2⤵
PID:706

/sbin/ifconfig
/sbin/ifconfig
2⤵
PID:707

/bin/grep
grep inet
2⤵
PID:708

/usr/bin/uptime
uptime
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:711

/bin/cat
cat /proc/cpuinfo
2⤵
- Checks CPU configuration
PID:717

/bin/cat
cat /etc/passwd
2⤵
PID:719

/bin/cat
cat /etc/shadow
2⤵
PID:722

/bin/df
df -h
2⤵
- Reads runtime system information
PID:724

/usr/bin/free
free
2⤵
- Reads CPU attributes
- Reads runtime system information
PID:726

/bin/ping
ping -c 2 216.115.108.245
2⤵
PID:729

/bin/cat
cat /etc/hosts
2⤵
PID:734

/bin/sleep
sleep 5
2⤵
PID:735

/bin/cat
cat info2
2⤵
PID:771

/bin/uname
uname -a
2⤵
PID:773

/usr/bin/mail
mail -s "Linux debian9-mipsel-20240418-en-13 4.9.0-13-4kc-malta #1 Debian 4.9.228-1 (2020-07-05) mips GNU/Linux" "[email protected]"
2⤵
- Writes file to tmp directory
PID:772

/usr/sbin/sendmail
/usr/sbin/sendmail -oi -f "root@debian9-mipsel-20240418-en-13" -t
3⤵
- Reads runtime system information
PID:784

/usr/sbin/exim4
/usr/sbin/exim4 -Mc 1sMl9j-0000Ce-0G
4⤵
- Reads CPU attributes
PID:790

/usr/sbin/exim4
/usr/sbin/exim4 -t -oem -oi -f "<>" -E1sMl9j-0000Ce-0G
5⤵
- Reads runtime system information
PID:793

/usr/sbin/exim4
/usr/sbin/exim4 -Mc 1sMl9k-0000Cn-Id
6⤵
- Reads CPU attributes
PID:795

/bin/sleep
sleep 5
2⤵
PID:791

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/info2
Filesize
4B

MD5
2bb6aed5111ef9726bcf6eef982ff32b

SHA1
4d49d894436449e792b0cdf8522584065b298c90

SHA256
e5e61fed291cefe8bd2c2b895b3001e679931c3d93f3597fb5e27b5bcae8f825

SHA512
5c0aa37c6fa67edf72abdd2f7789538d0a2c12a1fec2dc575ee1df3c1874a4bda33259b3b60127ef4365410d85c742a0fb463f920b99c30863ff3c502494b3bf

Download Submit
/tmp/info2
Filesize
107B

MD5
d20fbc2555eae6799ca62c8abbcf0917

SHA1
6e0f851601aa4369bddbdedd64ec17a11d30e351

SHA256
409157d1a59e1b7a323634d91913348bade070e938c299eb883c120c0586df4b

SHA512
1f91720a0a1d9be44708941f3547286238a1c0313d4e9e68a9efb329e8bae37e1d45923154d811343b38891c65ec40a79c0eb7df14258b0dea6c5306806d3baf

Download Submit
/tmp/info2
Filesize
111B

MD5
d161e5c9d09b16c07cd4f33132023bc1

SHA1
5ee1f1c9c07bed5ef9faf9295e47c3d1406146f4

SHA256
65c1998c279949d05a346259388d16b7831d41c430ffe30584d87a1af593a3d5

SHA512
9fad5954017dcfd7c8f5372e9e7ee003fb75bfe2326f5f4cb2e5754f25dcf9e4ba9d9378702d58e1a8a317c5c045f32bae09768c4f39f85672170f9347d93af8

Download Submit
/tmp/info2
Filesize
112B

MD5
14dbdb43bacce2f3ceebe7d8e4a9b6f1

SHA1
82dde42ae994b21af9b1f5f70d9ef1d48a10f3f4

SHA256
7ddd4a31c23813ebf9992fb487d84c7c00e62e4311aa67425dc2f15de51e2f13

SHA512
616dcf28145980c1de02e2c49bd5ba9ebb57bea976a82b79e8a38f33764c7d0c4a2dcc42333b3d3eceebba0e6c42d2d16a4c442bfd04eb77b5f93fbe6264f352

Download Submit
/tmp/info2
Filesize
126B

MD5
c0ef4f37430c4e69b9e743954e4f0893

SHA1
a6f58652afb8a0dbe35e3d3cfb132c3cf82dc31a

SHA256
81f5ec6907d884054b46e37b5e2300918eed25cd5eefd0730a073718c030dd5b

SHA512
7e83ef04a7037a0320df68ea7a592e9e074a3a1a7f6bf8f83665d983ad9926981d8c1fab46b4422904afc66ca32a7fbf74933422b75b9180178b6b56f7601a48

Download Submit
/tmp/info2
Filesize
4KB

MD5
15e07d6f143c0d49981b570c45d34a4d

SHA1
2a364272379857932a8a29e8350f974b2e1cb6ae

SHA256
ef0b515e85fd32e30fe97965a081ac5b85505bb46b0e5f7d0c44b7ee911545e5

SHA512
663ce0e9090f758de8601958c2c2a3d412be9d97fa0679a5c49e82a6c14fde028fa3815f1af9d6a4c9e9a81c248f56c00d48ec1f557809fdfd99e3f4daa5616a

Download Submit
/var/mail/user
Filesize
6KB

MD5
3515ebcb849f017e8d1e6186b2c2f7ad

SHA1
0356b4b21b0fcdf79956d965f1ee03847ed21c0c

SHA256
20d2b30159081ced35f9f71da97c25ca1d241ae05aee8e42a4cf575526169239

SHA512
11dd497cbc8a8f0c7362ab86af85756c8a0835f4213d72174492ef7d87e72cf11e08fe8b1609e1166a44d2f6d25a3e9d3bb9cfc0876be106a0b0cfc15c3281a4

Download Submit
/var/spool/exim4/input/1sMl9j-0000Ce-0G-D
Filesize
4KB

MD5
22be44e3c2cdc8f06838b05acfe926a4

SHA1
2e85770ed74a180edb214d609729cbc4811219ad

SHA256
bc7af30d1c36e41f1eed8cb5e904342e668fe967cc2614bb4c984c989fa7568e

SHA512
570acf03fed85a4ce9397e78a16f085d33f680cf5b4ba8aed533d951b028fa74ce0f345abf263568468c276518560505e3d226ea4de4427f0da562a5b5c4e44b

Download Submit
/var/spool/exim4/input/1sMl9k-0000Cn-Id-D
Filesize
5KB

MD5
994e5f70eae8d6ac6dacde9573fc535e

SHA1
2c8b4fcb8805a37d830bb6c23c399fdbb51d8cc3

SHA256
a404395c4114405405f44413f8dcf70d2feb380348a8aa91472f6be791f720c1

SHA512
015dc8b3fc4593dc998ee437eb0b8b143b86ea38a45aafe3a3c195b9880aa61f39bccc7562ed0055a96d5932e614b65c83888844e4c59594cb4cf90d75ea0a23

Download Submit
/var/spool/exim4/input/1sMl9k-0000Cn-Id-J
Filesize
34B

MD5
d7d96d63d643a4ce3e408eba7dfcedc5

SHA1
c53607f95c5c57beafc1d8266646797a035f76ea

SHA256
21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159

SHA512
703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3

Download Submit
/var/spool/exim4/input/hdr.784
Filesize
827B

MD5
aea7c90da811efc918935991bb659bbc

SHA1
b44cb50ecb8c03a4170a816a51c78bb7f1e009ff

SHA256
be5aff11865fec7933e5cefbc643b2ec708cbc8ed01df1daec2d51c2d34a0d96

SHA512
6136a82351de093750e8c97f6091d8ab3ab2fb7913ea6fd125d547ea670799e4ff1ec8f74ef593a5083d6e171636c8f1d412307293d324a711e8596267b82572

Download Submit
/var/spool/exim4/input/hdr.790
Filesize
848B

MD5
a07da5d491e18fdce753af5ce1f843c9

SHA1
d8858ae1c2f7e6bf204ff91978b88d37bf5e10d8

SHA256
02ae76b449bd9bf98acf09ee2cbd66551cf5619a07cf4ab197f4e615538ee724

SHA512
7de37301a10d48a4905559af97c4c74df8ea2f9cfa6fda1209a11515719a338c38e74573c2442d0d477c46d3d30505498d07fb3ac25aa5f7551b9a53cfdf1ba9

Download Submit
/var/spool/exim4/input/hdr.793
Filesize
961B

MD5
9c44580466aefbea963f6ed85434ee2e

SHA1
a097bc187c1bc277093a851643d93ad1037154ee

SHA256
9f6fd40dfcac7c53ea211814990b4a25a9aedf7f151161c64b6f18a39152d29b

SHA512
c8adb6f609ffe5b60da2a16d9a58052f34f32f4d5986dbffff9b4b4828e1a8d8c32da24c0177131dca5b9cc699cfdff504735a3311db4a677a740bbe193eb294

Download Submit
/var/spool/exim4/msglog/1sMl9j-0000Ce-0G
Filesize
91B

MD5
0d5b19d1e57bfd8ffaceb20f629657a3

SHA1
34efcdde1a3c62004e13514da29aca9e805b13e8

SHA256
4fb72715ce953c39a7e7dba7cc1d812d8217db60a909e003f767764cea9936de

SHA512
57c282ce3ad821245510686c11b62dc4ab5732a1d0624c0a1221f19793beba63240fe71d379afef54b4fbe2b90907fd736dc809aa2668aaa3579a816285146ff

Download Submit
/var/spool/exim4/msglog/1sMl9j-0000Ce-0G
Filesize
184B

MD5
e11b3c99ef47d5031867cc013c5334f9

SHA1
845bdc58a1abd4c70a2fe134379d77fa4dd8c8a3

SHA256
cab3138ede41219bc056840fb20b792cc19b4c3bf324270d39e2a7ff9a60b86b

SHA512
9f39f82243b808ee9b7417f9b94daec527419e12904e2590baa29df8fa7980e7433b0ddd8aa7f454690fb9ec05ab99ce2a9a07c1035dde147365b43160af658f

Download Submit
/var/spool/exim4/msglog/1sMl9k-0000Cn-Id
Filesize
85B

MD5
3af5d89b4110bb0a80399167fc21e59e

SHA1
d015c18cf232a3f365f8866c4af6f935ae0b98c5

SHA256
c4484145e289743d6e090d79374abc2a132a5b9e3cc0601fa48b6b0d7f701813

SHA512
058f68d70629b32702d57d4e134501af9348fbe2ed493c02ebdcf339502d33e64863f1011c15e7d2b0711b8cbd9d23f4894b985651ebdde6ed8b9f65143aa4ee

Download Submit
/var/spool/exim4/msglog/1sMl9k-0000Cn-Id
Filesize
286B

MD5
67f70b48845041e131628e1d8ca7e741

SHA1
2e7e14b6a62a2acb2c9cbc5a06d15a7c0433c54a

SHA256
71aabfb65e6091a7e059b303d4256ec337c88dab1bc7edbb8e1466346cba54b8

SHA512
116ec7f94749689307365fc889c9f71bcb069af65cc4daecf47a09927dc5b578f6aaacf0512cd7e04a08e1686d1d93cc843798a24416c8a231ff9b6ee850e610

Download Submit