Analysis

  • max time kernel
    145s
  • max time network
    134s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    29/03/2024, 16:20

General

  • Target

    26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118

  • Size

    126KB

  • MD5

    26bf96d8a95dcbc0f5f8317adbac3b4e

  • SHA1

    853b7f12f6dd07834971c4f72ecb9ea9ca925bd1

  • SHA256

    b8fd5494786a392565ffe16d76be6ba6b8c6abbb2a7eae219e7fa67fb2b058e6

  • SHA512

    970be9496e3b3869d4d262b4fb8ca3f3efac27adc60093a585a4e775891a32bb50e575e47bca595fb19907ca22082cbe7e90a026c24cb6c4da948c5250bf40b4

  • SSDEEP

    3072:6jVlyaL5JCrIpv04sXbttiEiTmP46aQyfPlfKsNb:yoCJCN4sXbHemP46aQyfPlfKsNb

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118
    /tmp/26bf96d8a95dcbc0f5f8317adbac3b4e_JaffaCakes118
    1⤵
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:656

Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads