Analysis Overview
SHA256
b8c9cc4144cd0684e68d756e68dd8a4175cf7f6bdcd0027f12da84e5ab6c1fb7
Threat Level: Shows suspicious behavior
Verdict for the file a9992028e06f0e53db75ad378b7dde08_JaffaCakes118: shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Writes file to tmp directory
Reads runtime system information
Analysis: static1
Detonation Overview
Reported
2024-06-14 12:08
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-14 12:08
Reported
2024-06-14 12:08
Platform
debian9-mipsel-20240611-en
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-14 12:08
Reported
2024-06-14 12:10
Platform
ubuntu1804-amd64-20240508-en
Max time kernel
0s
Max time network
129s
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
| N/A | /tmp/badbox | /tmp/badbox | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for reading | /proc/filesystems | /bin/cp | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | /tmp/busybox | /bin/cp | N/A |
| File opened for modification | /tmp/badbox | /tmp/a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 | N/A |
Processes
/tmp/a9992028e06f0e53db75ad378b7dde08_JaffaCakes118
[/tmp/a9992028e06f0e53db75ad378b7dde08_JaffaCakes118]
/bin/cp
[cp /bin/busybox /tmp/]
/bin/cat
[cat ntpd]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat sshd]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat openssh]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat bash]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat tftp]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat wget]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat cron]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat ftp]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat pftp]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat sh]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat ]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat apache2]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
/bin/cat
[cat telnetd]
/bin/chmod
[chmod +x a9992028e06f0e53db75ad378b7dde08_JaffaCakes118 badbox busybox config-err-KKijjM netplan_pn_7vrk3 snap-private-tmp ssh-ZXcDyDpzmy48 systemd-private-11c0afe73f7f40d18b1458513933a37e-bolt.service-UhC7Lk systemd-private-11c0afe73f7f40d18b1458513933a37e-colord.service-WIBxUC systemd-private-11c0afe73f7f40d18b1458513933a37e-ModemManager.service-KLfpCg systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-resolved.service-61erYl systemd-private-11c0afe73f7f40d18b1458513933a37e-systemd-timedated.service-WJ4J8G]
/tmp/badbox
[./badbox]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.129.91:443 | | tcp |
| GB | 195.181.164.14:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
Files
/tmp/busybox
| Hash | Value |
| --- | --- |
| MD5 | b4dede5fc0b1bad5cb8e901bde126b97 |
| SHA1 | 10cbe9a418ad84a1ed297948539d37aeb58dd810 |
| SHA256 | a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020 |
| SHA512 | 45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-14 12:08
Reported
2024-06-14 12:10
Platform
debian9-armhf-20240611-en
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-14 12:08
Reported
2024-06-14 12:08
Platform
debian9-mipsbe-20240418-en