Analysis

  • max time kernel
    147s
  • max time network
    150s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
  • submitted
    30/03/2024, 07:31

General

  • Target

    36dc616622ed3151f77464479931d3b3_JaffaCakes118

  • Size

    177KB

  • MD5

    36dc616622ed3151f77464479931d3b3

  • SHA1

    ae11179eb2bd3a6e18d9e736100b8fd7b431890c

  • SHA256

    b58bd2545c4e3506809e0786e9395d0529387fa2f13e01000242d2efeea30e26

  • SHA512

    5f8b57b76ae7a1fe1bf36777822365b4c4bf8c69cb3c76ed8af887b583b49e6938427aa5902e25b248c55de75efdb41aca0253a54809b3de0210d3c063bee661

  • SSDEEP

    3072:QHYzm8niNZyZXWvsYgua6T/laTVrhBnUetJ8add9QzhsinjqsjWDIvmy4Q0LFXzX:ysYPaa/GBUetJ8addQfnjcqmy4Q0LZzX

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/36dc616622ed3151f77464479931d3b3_JaffaCakes118
    /tmp/36dc616622ed3151f77464479931d3b3_JaffaCakes118
    • Changes its process name
    • Reads system routing table
    • Reads system network configuration
    PID:663

Network

        MITRE ATT&CK Enterprise v15
