Analysis
max time kernel: 145s
max time network: 134s
platform: debian-9_armhf
resource: debian9-armhf-20240226-en
resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 29/03/2024, 16:20
Behavioral task: behavioral1
Sample: 26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118
Resource: debian9-armhf-20240226-en
General
Target: 26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118
Size: 126KB
MD5: 26bf96d8a95dcbc0f5f8317adbac3b4e
SHA1: 853b7f12f6dd07834971c4f72ecb9ea9ca925bd1
SHA256: b8fd5494786a392565ffe16d76be6ba6b8c6abbb2a7eae219e7fa67fb2b058e6
SHA512: 970be9496e3b3869d4d262b4fb8ca3f3efac27adc60093a585a4e775891a32bb50e575e47bca595fb19907ca22082cbe7e90a026c24cb6c4da948c5250bf40b4
SSDEEP: 3072:6jVlyaL5JCrIpv04sXbttiEiTmP46aQyfPlfKsNb:yoCJCN4sXbHemP46aQyfPlfKsNb
Malware Config
Signatures
Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | sshd | 656 | 26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc
File opened for modification | /dev/misc/watchdog
File opened for modification | /dev/watchdog
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/route | 26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/route | 26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118