Analysis
- max time kernel: 149s
- max time network: 151s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240226-en
- resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 16-04-2024 16:20
Behavioral task: behavioral1
- Sample: f3daa8bd2ecba6ddbde6614d407b8c25_JaffaCakes118
- Resource: debian9-mipsbe-20240226-en
General
- Target: f3daa8bd2ecba6ddbde6614d407b8c25_JaffaCakes118
- Size: 97KB
- MD5: f3daa8bd2ecba6ddbde6614d407b8c25
- SHA1: fd0aee1cf4428c3b35625116ac79babd4baf4ed7
- SHA256: 8077bb4ec400dca540d14eff742b3da14d709b0b9f49dc2968ee527a87c383d1
- SHA512: 0230ef365790cbc00cd8bb8bb3c5d41bc55d9b3e539ea1e65e0883b7379bee54f4132f425dfcfb4a7f5d087a00b77236cd77294011ceaadb963906115393d8aa
- SSDEEP: 3072:XDIkiGgcsQoeJP0r01ed6WP0qNuCd4aRP9:iU2Rd6WP0qNuCuMP9
Malware Config
Signatures
- Contacts a large (20669) amount of remote hosts (TTPs: 1)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (TTPs: 1)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (TTPs: 1, IoCs: 2)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  Processes (description: ioc):
    File opened for modification: /dev/watchdog
    File opened for modification: /dev/misc/watchdog
- Enumerates active TCP sockets (TTPs: 1, IoCs: 1)
  Gets active TCP sockets from the /proc virtual filesystem.
  Processes (description: ioc):
    File opened for reading: /proc/net/tcp
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (TTPs: 1, IoCs: 1)
  Uses contents of the /proc filesystem to enumerate network settings.
  Processes (description: ioc):
    File opened for reading: /proc/net/tcp
- Reads runtime system information (IoCs: 44)
  Reads data from the /proc virtual filesystem.