Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    23-05-2024 00:40

General

  • Target

    692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118

  • Size

    1KB

  • MD5

    692ce147f88a833e8cc368dc6c7aca8e

  • SHA1

    70b15947bab34c9958780127c83bbb0e601e7795

  • SHA256

    2baafbc5a5aa1cd5138eb3bfdb550eee0458129e746bb37e8f98b68f7d64c36e

  • SHA512

    e0ec01323c80420f1abc3150699a6bc0c279af8924d4a1c181319ebf43fa912c908c232c37db9e7fe7d3569ae9165d059b086144b0261520f108d1ac866a5a78

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE (13 IoCs)
  • Reads runtime system information (1 IoC)

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory (2 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118
    /tmp/692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118
    • Writes file to tmp directory
    PID:1501
    • /bin/cp
      cp /bin/busybox /tmp/
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1502
    • /bin/cat
      cat ntpd
      PID:1505
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1506
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1507
    • /bin/cat
      cat sshd
      PID:1510
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1511
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1512
    • /bin/cat
      cat openssh
      PID:1515
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1516
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1517
    • /bin/cat
      cat bash
      PID:1520
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1521
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1522
    • /bin/cat
      cat tftp
      PID:1525
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1526
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1527
    • /bin/cat
      cat wget
      PID:1530
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1531
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1532
    • /bin/cat
      cat cron
      PID:1535
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1536
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1537
    • /bin/cat
      cat ftp
      PID:1540
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1541
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1542
    • /bin/cat
      cat pftp
      PID:1545
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1546
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1547
    • /bin/cat
      cat sh
      PID:1550
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1551
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1552
    • /bin/cat
      cat "[CPU]"
      PID:1555
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1556
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1557
    • /bin/cat
      cat apache2
      PID:1560
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1561
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1562
    • /bin/cat
      cat telnetd
      PID:1565
    • /bin/chmod
      chmod +x 692ce147f88a833e8cc368dc6c7aca8e_JaffaCakes118 badbox busybox config-err-2geHuo netplan_55h8ruqj snap-private-tmp ssh-z2eMMSmwwihO systemd-private-c1d452644e394cc8838b843c74e6f363-bolt.service-KllVmz systemd-private-c1d452644e394cc8838b843c74e6f363-colord.service-gspwVE systemd-private-c1d452644e394cc8838b843c74e6f363-ModemManager.service-Gzd6EZ systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-resolved.service-IxcBEd systemd-private-c1d452644e394cc8838b843c74e6f363-systemd-timedated.service-WS0pt4
      PID:1566
    • /tmp/badbox
      ./badbox
      • Executes dropped EXE
      PID:1567

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/busybox

    Filesize

    2.0MB

    MD5

    b4dede5fc0b1bad5cb8e901bde126b97

    SHA1

    10cbe9a418ad84a1ed297948539d37aeb58dd810

    SHA256

    a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020

    SHA512

    45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6