Analysis
-
max time kernel
120s -
max time network
188s -
platform
debian-12_armhf -
resource
debian12-armhf-20240221-en -
resource tags
arch:armhf image:debian12-armhf-20240221-en kernel:6.1.0-17-armmp-lpae locale:en-us os:debian-12-armhf system -
submitted
04-10-2024 02:29
Behavioral task
behavioral1
Sample
1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
Resource
debian12-armhf-20240221-en
debian-12-armhf
2 signatures
150 seconds
General
-
Target
1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
-
Size
4.5MB
-
MD5
1175c093b7b008cf13a5bc7b93eb9421
-
SHA1
6eecf8581c28c083ef65ceff46b3f17e574a08eb
-
SHA256
230d4522c2ffe31d6facd9eae829d486dfc5b4f55b2814e28471c6d0e7c9bf49
-
SHA512
027e8ef718c36661cb1a2f3579d45e6b743a70eb08feee647eb877194a31dc6d0d9b59d507a4b196dce75aa9ab2f0b6baa54c055be70b0647ec690dc5568919e
-
SSDEEP
49152:k5n4mMBMQidKJJOwAHEkUw2PuWD4j3lTv3FKuAb7/C:wn4lBziQzVAdTQ/C
Score
3/10
Malware Config
Signatures
-
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description: File opened for reading
ioc: /sys/kernel/mm/transparent_hugepage/hpage_pmd_size
Process: 1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118 -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description: File opened for modification
ioc: /tmp/1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118.pid
Process: 1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
Processes
Network
-
Remote address: 1.1.1.1:53
Request: debian12-armhf-20240221-en-0 IN AAAA
Response:
-
Remote address: 1.1.1.1:53
Request: debian12-armhf-20240221-en-0 IN A
Response:
-
Remote address: 1.1.1.1:53
Request: debian12-armhf-20240221-en-0 IN AAAA
Response:
-
Remote address: 1.1.1.1:53
Request: debian12-armhf-20240221-en-0 IN A
Response:
-
74 B 149 B 1 1
DNS Request
debian12-armhf-20240221-en-0
-
74 B 149 B 1 1
DNS Request
debian12-armhf-20240221-en-0
-
74 B 149 B 1 1
DNS Request
debian12-armhf-20240221-en-0
-
74 B 149 B 1 1
DNS Request
debian12-armhf-20240221-en-0