Analysis

  • max time kernel
    120s
  • max time network
    188s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags
    arch:armhf
    image:debian12-armhf-20240221-en
    kernel:6.1.0-17-armmp-lpae
    locale:en-us
    os:debian-12-armhf
    system
  • submitted
    04-10-2024 02:29

General

  • Target

    1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118

  • Size

    4.5MB

  • MD5

    1175c093b7b008cf13a5bc7b93eb9421

  • SHA1

    6eecf8581c28c083ef65ceff46b3f17e574a08eb

  • SHA256

    230d4522c2ffe31d6facd9eae829d486dfc5b4f55b2814e28471c6d0e7c9bf49

  • SHA512

    027e8ef718c36661cb1a2f3579d45e6b743a70eb08feee647eb877194a31dc6d0d9b59d507a4b196dce75aa9ab2f0b6baa54c055be70b0647ec690dc5568919e

  • SSDEEP

    49152:k5n4mMBMQidKJJOwAHEkUw2PuWD4j3lTv3FKuAb7/C:wn4lBziQzVAdTQ/C

Score
3/10

Malware Config

Signatures

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
    /tmp/1175c093b7b008cf13a5bc7b93eb9421_JaffaCakes118
    PID: 699
    • Enumerates kernel/hardware configuration
    • Writes file to tmp directory

Network

  DNS requests (all sent to 1.1.1.1:53):

    Request                        Type
    debian12-armhf-20240221-en-0   AAAA
    debian12-armhf-20240221-en-0   A
    debian12-armhf-20240221-en-0   AAAA
    debian12-armhf-20240221-en-0   A

  Flows:

  • 185.10.68.89:9100
    420 B
    7
  • 1.1.1.1:53 (dns) x4
    Domain: debian12-armhf-20240221-en-0
    Sent: 74 B, received: 149 B, packets sent: 1, packets received: 1 (per flow)
    DNS request: debian12-armhf-20240221-en-0

MITRE ATT&CK Enterprise v15
