Analysis

  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf image:debian9-armhf-20240611-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    16-06-2024 00:40

General

  • Target

    b0f0d33a5b261b41255c960c813b310f_JaffaCakes118

  • Size

    87KB

  • MD5

    b0f0d33a5b261b41255c960c813b310f

  • SHA1

    785f74b64a2e4714949a03ca7ae3668749d4f134

  • SHA256

    f965b822878cb12b899130bcffdcd5b789e9a69a0d8b925cf37f7a5a2bfcfd6d

  • SHA512

    cdf4e8d898b5f2fcae8ae89dc6bf22824d39b58aadcc397d09bd3c8bc2c2aeaa6d26b02e50592ee73c76d212b82f5f2cfb1418c3febd48e1dc861fa20159a31a

  • SSDEEP

    1536:R7Xa/qOBGdYdyRCQ+acq/m93JAI2OHEzKg/Ht5a+Ya3Tt5ul4Be+jR:R7XxOBGdYdYcR2kqK6baraDbul4B/jR

Score
9/10

Malware Config

Signatures

  • Contacts a large (47505) amount of remote hosts (1 TTPs)

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows (1 TTPs)

    This may indicate a network scan to discover remotely running services.

  • Unexpected DNS network traffic destination (35 IoCs)

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

Processes

Network

MITRE ATT&CK Enterprise v15
