593618364f32ed25961d97e46f2fce3b161db9b68056ecc11649cc388871641f

Analysis

max time kernel
122s
max time network
155s
platform
debian-12_mipsel
resource
debian12-mipsel-20240221-en
resource tags

arch:mipselimage:debian12-mipsel-20240221-enkernel:6.1.0-17-4kc-maltalocale:en-usos:debian-12-mipselsystem
submitted
06/09/2024, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118
Size

121KB
MD5

cfbfb4a03ece1cda6b9d35a1db0fab6b
SHA1

3de925cb4c95ded7fa5ed4de4ff5805648bb1482
SHA256

593618364f32ed25961d97e46f2fce3b161db9b68056ecc11649cc388871641f
SHA512

69280447f8b2e6fd476bbd75f1b44bc9165ff51d669d8295bef369d58fac981d09c5907e2631cbd3c7c405fbe210aa248521dd811464fdb656d4b7a8edac8726
SSDEEP

1536:3FHJgo84HBLsBf4No65O4mnLI2N23TQ2iqVbhPJ6Q4K2AUyWmeuVknsYRpVP87k+:3Uo86BLEAa6gDL9WPJX2AUD729upBo

Score

9^/10

defense_evasion discovery

Malware Config

Signatures

Contacts a large (2720) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Deletes itself 1 IoCs

pid	Process
746	cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118

Modifies Watchdog functionality 1 TTPs 2 IoCs

Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

defense_evasion

Impair Defenses

T1562

description	ioc	Process
File opened for modification	/dev/watchdog	cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118
File opened for modification	/dev/misc/watchdog	cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118

Enumerates active TCP sockets 1 TTPs 1 IoCs

Gets active TCP sockets from /proc virtual filesystem.

discovery

System Network Connections Discovery

T1049

description	ioc	Process
File opened for reading	/proc/net/tcp	cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118

Changes its process name 1 IoCs

description	ioc	pid	Process
Changes the process name, possibly in an attempt to hide itself	ddst4u3ff6fqg0lauaaedvjqon7ms4sw	746	cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118

Reads system network configuration 1 TTPs 1 IoCs

Uses contents of /proc filesystem to enumerate network settings.

discovery

Internet Connection Discovery

T1016.001

description	ioc	Process
File opened for reading	/proc/net/tcp	cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118

/tmp/cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118
/tmp/cfbfb4a03ece1cda6b9d35a1db0fab6b_JaffaCakes118
1⤵
- Deletes itself
- Modifies Watchdog functionality
- Enumerates active TCP sockets
- Changes its process name
- Reads system network configuration
PID:746

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Impair Defenses

T1562

Credential Access

Discovery

Network Service Discovery

T1046

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

System Network Connections Discovery

T1049

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads