230d4522c2ffe31d6facd9eae829d486dfc5b4f55b2814e28471c6d0e7c9bf49

Analysis

max time kernel
120s
max time network
188s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
04/10/2024, 02:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
Size

4.5MB
MD5

1175c093b7b008cf13a5bc7b93eb9421
SHA1

6eecf8581c28c083ef65ceff46b3f17e574a08eb
SHA256

230d4522c2ffe31d6facd9eae829d486dfc5b4f55b2814e28471c6d0e7c9bf49
SHA512

027e8ef718c36661cb1a2f3579d45e6b743a70eb08feee647eb877194a31dc6d0d9b59d507a4b196dce75aa9ab2f0b6baa54c055be70b0647ec690dc5568919e
SSDEEP

49152:k5n4mMBMQidKJJOwAHEkUw2PuWD4j3lTv3FKuAb7/C:wn4lBziQzVAdTQ/C

Score

3^/10

discovery

Malware Config

Signatures

Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

Reads contents of /sys virtual filesystem to enumerate system information.

discovery

System Information Discovery

T1082

description	ioc	Process
File opened for reading	/sys/kernel/mm/transparent_hugepage/hpage_pmd_size	1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118

Writes file to tmp directory 1 IoCs

Malware often drops required files in the /tmp directory.

description	ioc	Process
File opened for modification	/tmp/1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118.pid	1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118

/tmp/1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
/tmp/1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
1⤵
- Enumerates kernel/hardware configuration
- Writes file to tmp directory
PID:699

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Windows 7 deprecation

Loading Replay Monitor...