16a71312dce99e239db7f869e936c2a1fccd1482a93e25829f815ac39349fc91

Analysis

max time kernel
0s
max time network
143s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
01-08-2024 21:38

Target

81d16c2027847567b930daa10f0b29ed_JaffaCakes118
Size

130KB
MD5

81d16c2027847567b930daa10f0b29ed
SHA1

a03ef2a46333e426253c23db31f60a9ebf4cd58e
SHA256

16a71312dce99e239db7f869e936c2a1fccd1482a93e25829f815ac39349fc91
SHA512

58f342311efa5671fe85088ce3ffd147dac6baf8a9c58bbf431486141d5e819185f94b63819428195227514fa671c0611662bd880442e41a09758306c3e1e293
SSDEEP

3072:MA/pAUAOZEXgQczKuCVmlJx74DiI4UG5hHDI+OyWaLIM/9+D3:MAxvAOZsgQczKj4JhI4UG5hjIyWacM/e

Score

7^/10

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Impair Defenses

description	ioc	Process
File opened for modification	/dev/watchdog	81d16c2027847567b930daa10f0b29ed_JaffaCakes118
File opened for modification	/dev/misc/watchdog	81d16c2027847567b930daa10f0b29ed_JaffaCakes118

/tmp/81d16c2027847567b930daa10f0b29ed_JaffaCakes118
/tmp/81d16c2027847567b930daa10f0b29ed_JaffaCakes118
1⤵
- Modifies Watchdog functionality
PID:703

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact