Analysis

  • max time kernel
    147s
  • max time network
    148s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    30-07-2024 13:48

General

  • Target

    7244c2dcc9db1a63af1e7650e4abe7be_JaffaCakes118

  • Size

    200KB

  • MD5

    7244c2dcc9db1a63af1e7650e4abe7be

  • SHA1

    2f4e70940c5b32c2d3075b95f01cfcfcdb5e34a5

  • SHA256

    89487eb73d8039826d1979f778eb895daa28f3f3b2044762e296e6c585dd02f0

  • SHA512

    f30f6b0ccf24e234872e3ed59a3c9750a36bf0c9f555e422ec8cb74d30534d4167974a6c08d3b47fffccdba84dce029aecb11442239e2f87048904d8c0c4eca9

  • SSDEEP

    3072:H8ups3rJiGibV54gDz+lTo68N/7pqBcckdTPDi0Sau3m6IwNPhmGyKRAVIf3sT+P:hnL2FD8jHU0SnjPhmGyKRAVIf3sT+n0o

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory (1 IoCs)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/7244c2dcc9db1a63af1e7650e4abe7be_JaffaCakes118
    /tmp/7244c2dcc9db1a63af1e7650e4abe7be_JaffaCakes118
    1⤵
      PID:1560
      • /bin/sh
        sh -c "IPT=/sbin/iptables;\$IPT -N TN;\$IPT -A TN -s -j ACCEPT;\$IPT -A TN -p tcp -m tcp --dport 23 -j REJECT;\$IPT -I INPUT -j TN;\$IPT-save; echo 'nameserver 4.2.2.2' > /tmp/resolv.conf;echo 'namserver 208.67.222.222' >> /tmp/resolv.conf"
        2⤵
        • Writes file to tmp directory
        PID:1561
        • /sbin/iptables
          /sbin/iptables -N TN
          3⤵
            PID:1562
          • /sbin/iptables
            /sbin/iptables -A TN -s -j ACCEPT
            3⤵
              PID:1563
            • /sbin/iptables
              /sbin/iptables -A TN -p tcp -m tcp --dport 23 -j REJECT
              3⤵
                PID:1564
              • /sbin/iptables
                /sbin/iptables -I INPUT -j TN
                3⤵
                  PID:1565
                • /sbin/iptables-save
                  /sbin/iptables-save
                  3⤵
                    PID:1566

Network

MITRE ATT&CK Matrix

Downloads

  • /tmp/resolv.conf
    Filesize: 19B
    MD5: 18e0d4be7ee318c312d30ed75f39224a
    SHA1: b9dc9465cf5b3df703210bc0a9c3a9cf99a0a9da
    SHA256: ccf6e60942eb1621dc5c14f36e531f15ddab87cd011b0330055b638437969038
    SHA512: 50d8b06a918649fd3d3b9ddb4e9a5488584adc3fd17c32ed897283bdd96d38f77e51e7bf3580e9ec826aba09112cfcf220a6a989cae1f65e0876787fccd7b7f3

  • /tmp/resolv.conf
    Filesize: 44B
    MD5: 51a49244ffd6b878ded13f8ca99ec374
    SHA1: e1b011254290e401e3e033691ac003fb5eb4744e
    SHA256: b8b3e8e7ef159fac65286258082f832c227e982512ff9457b7d166e91b77ce98
    SHA512: 202ecd188cb234b6d21e6a4c895fc1420ec445bea436a9cba0986fc82979df6d2f3afca57542e2944f5df9b380d61ede54e6782cd3baee0f07a1df41b59a10c1