Analysis

  • max time kernel
    0s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20240508-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    16-06-2024 23:38

General

  • Target

    b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118

  • Size

    1KB

  • MD5

    b5c896ae2cfa638ab2fefe5f146919e7

  • SHA1

    fb42d65970d9d343ee5f1423c36021b20948c661

  • SHA256

    0c91cde5fafcea3f03966ac082e151111e76b2aaeea1e064bb67f65ca97bf0ee

  • SHA512

    2e9b57382ef84b4fd4d8f013f52c8a2f094da96d68c23ecb4fea0638a97a665c57b1236e8b909ae9050afc3d55dbd82348a59b160d7643dca4bf3d3fe3bbf0e1

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 13 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
    /tmp/b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
    1⤵
    • Writes file to tmp directory
    PID:1505
    • /bin/cp
      cp /bin/busybox /tmp/
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1506
    • /bin/cat
      cat ntpd
      2⤵
      PID:1508
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1509
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1510
    • /bin/cat
      cat sshd
      2⤵
      PID:1513
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1514
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1515
    • /bin/cat
      cat openssh
      2⤵
      PID:1518
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1519
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1520
    • /bin/cat
      cat bash
      2⤵
      PID:1523
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1524
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1525
    • /bin/cat
      cat tftp
      2⤵
      PID:1528
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1529
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1530
    • /bin/cat
      cat wget
      2⤵
      PID:1533
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1534
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1535
    • /bin/cat
      cat cron
      2⤵
      PID:1538
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1539
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1540
    • /bin/cat
      cat ftp
      2⤵
      PID:1543
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1544
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1545
    • /bin/cat
      cat pftp
      2⤵
      PID:1548
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1549
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1550
    • /bin/cat
      cat sh
      2⤵
      PID:1553
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1554
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1555
    • /bin/cat
      cat "[cpu]"
      2⤵
      PID:1558
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1559
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1560
    • /bin/cat
      cat apache2
      2⤵
      PID:1563
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1564
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1565
    • /bin/cat
      cat telnetd
      2⤵
      PID:1568
    • /bin/chmod
      chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
      2⤵
      PID:1569
    • /tmp/badbox
      ./badbox
      2⤵
      • Executes dropped EXE
      PID:1570

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/busybox

    Filesize

    2.0MB

    MD5

    b4dede5fc0b1bad5cb8e901bde126b97

    SHA1

    10cbe9a418ad84a1ed297948539d37aeb58dd810

    SHA256

    a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020

    SHA512

    45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6