a764817259a3a751783544c83176589e9b70dfa79845b285593bb23eb19efd0a

Analysis

max time kernel
0s
max time network
132s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
19-05-2024 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118
Size

1KB
MD5

5b29e4e7140e8826347c2cd43c428b25
SHA1

99e2f547838a3cea81eb1dbb086211477abe5bdd
SHA256

a764817259a3a751783544c83176589e9b70dfa79845b285593bb23eb19efd0a
SHA512

553752e73da8a885e74f981b5310eba24c6cc0abdc07330e99e49d559bc274fe2b06992edb7e3162a8c76c7732ceb057f2a729829e9872a8dc9420b1190015e0

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

ioc	pid	Process
/tmp/InfectedByHubnr	1490	InfectedByHubnr
/tmp/InfectedByHubnr	1495	InfectedByHubnr
/tmp/InfectedByHubnr	1500	InfectedByHubnr
/tmp/InfectedByHubnr	1505	InfectedByHubnr
/tmp/InfectedByHubnr	1510	InfectedByHubnr
/tmp/InfectedByHubnr	1515	InfectedByHubnr
/tmp/InfectedByHubnr	1520	InfectedByHubnr
/tmp/InfectedByHubnr	1525	InfectedByHubnr
/tmp/InfectedByHubnr	1530	InfectedByHubnr
/tmp/InfectedByHubnr	1535	InfectedByHubnr

Reads runtime system information 1 IoCs

Reads data from /proc virtual filesystem.

description	ioc	Process
File opened for reading	/proc/filesystems	cp

Writes file to tmp directory 2 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/busybox	cp
File opened for modification	/tmp/InfectedByHubnr	5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118

/tmp/5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118
/tmp/5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1485
- /bin/cp
  cp /bin/busybox /tmp/
  2⤵
  - Reads runtime system information
  - Writes file to tmp directory
  PID:1486
- /bin/cat
  cat Josho.x86
  2⤵
  PID:1488
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1489
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1490
- /bin/cat
  cat Josho.mips
  2⤵
  PID:1493
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1494
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1495
- /bin/cat
  cat Josho.mpsl
  2⤵
  PID:1498
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1499
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1500
- /bin/cat
  cat Josho.arm4
  2⤵
  PID:1503
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1504
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1505
- /bin/cat
  cat Josho.arm5
  2⤵
  PID:1508
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1509
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1510
- /bin/cat
  cat Josho.arm6
  2⤵
  PID:1513
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1514
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1515
- /bin/cat
  cat Josho.arm7
  2⤵
  PID:1518
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1519
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1520
- /bin/cat
  cat Josho.ppc
  2⤵
  PID:1523
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1524
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1525
- /bin/cat
  cat Josho.m68k
  2⤵
  PID:1528
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1529
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1530
- /bin/cat
  cat Josho.sh4
  2⤵
  PID:1533
- /bin/chmod
  chmod +x 5b29e4e7140e8826347c2cd43c428b25_JaffaCakes118 busybox config-err-R52pd2 InfectedByHubnr netplan_avflpz3e snap-private-tmp ssh-7svD6qCESQbR systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-bolt.service-sMjqOQ systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-colord.service-CGiR9j systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-ModemManager.service-MiKhe1 systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-resolved.service-4LjNxe systemd-private-e8790f827db24cc8bf9b4ff61ccabe95-systemd-timedated.service-KDYUyM
  2⤵
  PID:1534
- /tmp/InfectedByHubnr
  ./InfectedByHubnr ssh
  2⤵
  - Executes dropped EXE
  PID:1535

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/busybox

Filesize
2.0MB

MD5
b4dede5fc0b1bad5cb8e901bde126b97

SHA1
10cbe9a418ad84a1ed297948539d37aeb58dd810

SHA256
a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020

SHA512
45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6

Download Submit