Analysis
-
max time kernel
147s -
max time network
150s -
platform
debian-9_armhf -
resource
debian9-armhf-20240226-en -
resource tags
arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
30/03/2024, 07:31
Behavioral task
behavioral1
Sample
36dc616622ed3151f77464479931d3b3_JaffaCakes118
Resource
debian9-armhf-20240226-en
3 signatures
150 seconds
General
-
Target
36dc616622ed3151f77464479931d3b3_JaffaCakes118
-
Size
177KB
-
MD5
36dc616622ed3151f77464479931d3b3
-
SHA1
ae11179eb2bd3a6e18d9e736100b8fd7b431890c
-
SHA256
b58bd2545c4e3506809e0786e9395d0529387fa2f13e01000242d2efeea30e26
-
SHA512
5f8b57b76ae7a1fe1bf36777822365b4c4bf8c69cb3c76ed8af887b583b49e6938427aa5902e25b248c55de75efdb41aca0253a54809b3de0210d3c063bee661
-
SSDEEP
3072:QHYzm8niNZyZXWvsYgua6T/laTVrhBnUetJ8add9QzhsinjqsjWDIvmy4Q0LFXzX:ysYPaa/GBUetJ8addQfnjcqmy4Q0LZzX
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
description pid Process Changes the process name, possibly in an attempt to hide itself 663 36dc616622ed3151f77464479931d3b3_JaffaCakes118 -
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description ioc Process File opened for reading /proc/net/route 36dc616622ed3151f77464479931d3b3_JaffaCakes118 -
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description ioc Process File opened for reading /proc/net/route 36dc616622ed3151f77464479931d3b3_JaffaCakes118