Overview

overview

7

Static

static

1

faa1fa0ce9...kes118

ubuntu-18.04-amd64

7

faa1fa0ce9...kes118

debian-9-armhf

7

faa1fa0ce9...kes118

debian-9-mips

7

faa1fa0ce9...kes118

debian-9-mipsel

7

Analysis

  • max time kernel
    0s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240611-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    27-09-2024 15:08

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118

  • Size

    1KB

  • MD5

    faa1fa0ce90152a29a6824f7bfe33418

  • SHA1

    24e07639524a9bbdbedc648f10289cb0ab0039ef

  • SHA256

    8043562533fc8cf2fa9480353cc1c8ffaf34e3f299e6d06b477ea293a4646c00

  • SHA512

    4e6c9f3d5c2c7cf8c2110ca021aeb2cbbdb032d8212eeda613d54aeae4cea613cac82c4a0165197912e93bffef372aa4f0f3ca4ae66be4eaa0473d0d19cd8f60

Score
7/10
defense_evasiondiscovery

Malware Config

Signatures

  • File and Directory Permissions Modification 1 TTPs 13 IoCs

    Adversaries may modify file or directory permissions to evade defenses.

    defense_evasion
  • Executes dropped EXE 13 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

    discovery
  • Writes file to tmp directory 2 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118
    /tmp/faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118
    1⤵
    • Writes file to tmp directory
    PID:1521
    • /bin/cp
      cp /bin/busybox /tmp/
      2⤵
      • Reads runtime system information
      • Writes file to tmp directory
      PID:1522
    • /bin/cat
      cat ntpd
      2⤵
        PID:1524
      • /bin/chmod
        chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
        2⤵
        • File and Directory Permissions Modification
        PID:1525
      • /tmp/badbox
        ./badbox
        2⤵
        • Executes dropped EXE
        PID:1526
      • /bin/cat
        cat sshd
        2⤵
          PID:1529
        • /bin/chmod
          chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
          2⤵
          • File and Directory Permissions Modification
          PID:1530
        • /tmp/badbox
          ./badbox
          2⤵
          • Executes dropped EXE
          PID:1531
        • /bin/cat
          cat openssh
          2⤵
            PID:1534
          • /bin/chmod
            chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
            2⤵
            • File and Directory Permissions Modification
            PID:1535
          • /tmp/badbox
            ./badbox
            2⤵
            • Executes dropped EXE
            PID:1536
          • /bin/cat
            cat bash
            2⤵
              PID:1539
            • /bin/chmod
              chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
              2⤵
              • File and Directory Permissions Modification
              PID:1540
            • /tmp/badbox
              ./badbox
              2⤵
              • Executes dropped EXE
              PID:1541
            • /bin/cat
              cat tftp
              2⤵
                PID:1545
              • /bin/chmod
                chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                2⤵
                • File and Directory Permissions Modification
                PID:1546
              • /tmp/badbox
                ./badbox
                2⤵
                • Executes dropped EXE
                PID:1547
              • /bin/cat
                cat wget
                2⤵
                  PID:1550
                • /bin/chmod
                  chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                  2⤵
                  • File and Directory Permissions Modification
                  PID:1551
                • /tmp/badbox
                  ./badbox
                  2⤵
                  • Executes dropped EXE
                  PID:1552
                • /bin/cat
                  cat cron
                  2⤵
                    PID:1555
                  • /bin/chmod
                    chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                    2⤵
                    • File and Directory Permissions Modification
                    PID:1556
                  • /tmp/badbox
                    ./badbox
                    2⤵
                    • Executes dropped EXE
                    PID:1557
                  • /bin/cat
                    cat ftp
                    2⤵
                      PID:1560
                    • /bin/chmod
                      chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                      2⤵
                      • File and Directory Permissions Modification
                      PID:1561
                    • /tmp/badbox
                      ./badbox
                      2⤵
                      • Executes dropped EXE
                      PID:1562
                    • /bin/cat
                      cat pftp
                      2⤵
                        PID:1565
                      • /bin/chmod
                        chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                        2⤵
                        • File and Directory Permissions Modification
                        PID:1566
                      • /tmp/badbox
                        ./badbox
                        2⤵
                        • Executes dropped EXE
                        PID:1567
                      • /bin/cat
                        cat sh
                        2⤵
                          PID:1570
                        • /bin/chmod
                          chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                          2⤵
                          • File and Directory Permissions Modification
                          PID:1571
                        • /tmp/badbox
                          ./badbox
                          2⤵
                          • Executes dropped EXE
                          PID:1572
                        • /bin/cat
                          cat " "
                          2⤵
                            PID:1575
                          • /bin/chmod
                            chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                            2⤵
                            • File and Directory Permissions Modification
                            PID:1576
                          • /tmp/badbox
                            ./badbox
                            2⤵
                            • Executes dropped EXE
                            PID:1577
                          • /bin/cat
                            cat apache2
                            2⤵
                              PID:1580
                            • /bin/chmod
                              chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                              2⤵
                              • File and Directory Permissions Modification
                              PID:1581
                            • /tmp/badbox
                              ./badbox
                              2⤵
                              • Executes dropped EXE
                              PID:1582
                            • /bin/cat
                              cat telnetd
                              2⤵
                                PID:1585
                              • /bin/chmod
                                chmod +x badbox busybox config-err-PbsI07 faa1fa0ce90152a29a6824f7bfe33418_JaffaCakes118 netplan_7a8rbi6v snap-private-tmp ssh-A9hzxxB7k8cr systemd-private-c1db73102294453eb9db05b38a3eefc6-bolt.service-UQALNw systemd-private-c1db73102294453eb9db05b38a3eefc6-colord.service-uHzzkC systemd-private-c1db73102294453eb9db05b38a3eefc6-ModemManager.service-UPgEGW systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-resolved.service-wdb5bb systemd-private-c1db73102294453eb9db05b38a3eefc6-systemd-timedated.service-qBPhX3
                                2⤵
                                • File and Directory Permissions Modification
                                PID:1586
                              • /tmp/badbox
                                ./badbox
                                2⤵
                                • Executes dropped EXE
                                PID:1587

                            Network

                            MITRE ATT&CK Enterprise v15

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • /tmp/busybox
                              Filesize

                              2.0MB

                              MD5

                              b4dede5fc0b1bad5cb8e901bde126b97

                              SHA1

                              10cbe9a418ad84a1ed297948539d37aeb58dd810

                              SHA256

                              a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020

                              SHA512

                              45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6

                              Download Submit