7fa8ebcccde118986c4fd4a0f61ca7e513d1c2e28a6efdf183c10204550d87ce

Analysis

max time kernel
120s
max time network
70s
platform
debian-9_armhf
resource
debian9-armhf-20240226-en
resource tags

arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
submitted
15-04-2024 01:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

effe75ab4e438e916c5ea012c450ae23_JaffaCakes118
Size

4.5MB
MD5

effe75ab4e438e916c5ea012c450ae23
SHA1

987674651a905eeb2905a4e45fc260eaec170b95
SHA256

7fa8ebcccde118986c4fd4a0f61ca7e513d1c2e28a6efdf183c10204550d87ce
SHA512

508f05a7ac5cebb72f8d8aac52322746c500d64f16555f67d8a59ecede0a11e077daafa23456285c399443a9c12cb262aed50fb05094120a13a237b0371f5a62
SSDEEP

49152:s5n4mMBMQidKJJOwAHEkUw2PuWD4jElTv3FKuAb7/C:4n4lBziQzVA6TQ/C

Score

3^/10

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.

System Information Discovery
T1082

Processes:

effe75ab4e438e916c5ea012c450ae23_JaffaCakes118

description ioc process

File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size effe75ab4e438e916c5ea012c450ae23_JaffaCakes118

description	ioc	process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	effe75ab4e438e916c5ea012c450ae23_JaffaCakes118

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

Processes:

effe75ab4e438e916c5ea012c450ae23_JaffaCakes118

description	ioc	process
File opened for modification	/tmp/effe75ab4e438e916c5ea012c450ae23_JaffaCakes118.pid	effe75ab4e438e916c5ea012c450ae23_JaffaCakes118

/tmp/effe75ab4e438e916c5ea012c450ae23_JaffaCakes118
/tmp/effe75ab4e438e916c5ea012c450ae23_JaffaCakes118
1⤵
- Enumerates kernel/hardware configuration
- Writes file to tmp directory
PID:639

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads