Analysis
max time kernel: 0s
max time network: 129s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240508-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 16-06-2024 23:38

Static task: static1

Behavioral task: behavioral1
  Sample: b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
  Resource: ubuntu1804-amd64-20240508-en

Behavioral task: behavioral2
  Sample: b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
  Resource: debian9-armhf-20240418-en

Behavioral task: behavioral3
  Sample: b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
  Resource: debian9-mipsbe-20240611-en

Behavioral task: behavioral4
  Sample: b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
  Resource: debian9-mipsel-20240226-en
General
Target: b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
Size: 1KB
MD5: b5c896ae2cfa638ab2fefe5f146919e7
SHA1: fb42d65970d9d343ee5f1423c36021b20948c661
SHA256: 0c91cde5fafcea3f03966ac082e151111e76b2aaeea1e064bb67f65ca97bf0ee
SHA512: 2e9b57382ef84b4fd4d8f013f52c8a2f094da96d68c23ecb4fea0638a97a665c57b1236e8b909ae9050afc3d55dbd82348a59b160d7643dca4bf3d3fe3bbf0e1
Malware Config
Signatures

Executes dropped EXE (13 IoCs)
Processes:
  ioc          pid   process
  /tmp/badbox  1510  badbox
  /tmp/badbox  1515  badbox
  /tmp/badbox  1520  badbox
  /tmp/badbox  1525  badbox
  /tmp/badbox  1530  badbox
  /tmp/badbox  1535  badbox
  /tmp/badbox  1540  badbox
  /tmp/badbox  1545  badbox
  /tmp/badbox  1550  badbox
  /tmp/badbox  1555  badbox
  /tmp/badbox  1560  badbox
  /tmp/badbox  1565  badbox
  /tmp/badbox  1570  badbox

Reads runtime system information (1 IoC)
Reads data from /proc virtual filesystem.
Processes:
  description              ioc                process
  File opened for reading  /proc/filesystems  cp

Writes file to tmp directory (2 IoCs)
Malware often drops required files in the /tmp directory.
Processes:
  description                   ioc           process
  File opened for modification  /tmp/busybox  cp
  File opened for modification  /tmp/badbox   b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
Processes
PID 1505  /tmp/b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
          command line: /tmp/b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118
          - Writes file to tmp directory
  PID 1506  /bin/cp
            command line: cp /bin/busybox /tmp/
            - Reads runtime system information
            - Writes file to tmp directory
  PID 1508  /bin/cat
            command line: cat ntpd
  PID 1509  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1510  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1513  /bin/cat
            command line: cat sshd
  PID 1514  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1515  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1518  /bin/cat
            command line: cat openssh
  PID 1519  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1520  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1523  /bin/cat
            command line: cat bash
  PID 1524  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1525  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1528  /bin/cat
            command line: cat tftp
  PID 1529  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1530  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1533  /bin/cat
            command line: cat wget
  PID 1534  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1535  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1538  /bin/cat
            command line: cat cron
  PID 1539  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1540  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1543  /bin/cat
            command line: cat ftp
  PID 1544  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1545  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1548  /bin/cat
            command line: cat pftp
  PID 1549  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1550  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1553  /bin/cat
            command line: cat sh
  PID 1554  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1555  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1558  /bin/cat
            command line: cat "[cpu]"
  PID 1559  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1560  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1563  /bin/cat
            command line: cat apache2
  PID 1564  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1565  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
  PID 1568  /bin/cat
            command line: cat telnetd
  PID 1569  /bin/chmod
            command line: chmod +x b5c896ae2cfa638ab2fefe5f146919e7_JaffaCakes118 badbox busybox config-err-MsoZIU netplan_6etimwxp snap-private-tmp ssh-QG10K9MbVSH7 systemd-private-da77271824104e4081ce2dbfbe9918d7-bolt.service-NWe0PJ systemd-private-da77271824104e4081ce2dbfbe9918d7-colord.service-jJgtGR systemd-private-da77271824104e4081ce2dbfbe9918d7-ModemManager.service-hTy2A2 systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-resolved.service-pQGkqe systemd-private-da77271824104e4081ce2dbfbe9918d7-systemd-timedated.service-vsjbcq
  PID 1570  /tmp/badbox
            command line: ./badbox
            - Executes dropped EXE
Network
MITRE ATT&CK Matrix
Downloads
Filesize: 2.0MB
MD5: b4dede5fc0b1bad5cb8e901bde126b97
SHA1: 10cbe9a418ad84a1ed297948539d37aeb58dd810
SHA256: a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020
SHA512: 45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6