Analysis

  • max time kernel
    0s
  • max time network
    1s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20240611-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    12-10-2024 06:04

General

  • Target

    38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118

  • Size

    4.5MB

  • MD5

    38bdb0cd9d08144d096362ac1a1e4116

  • SHA1

    6b0374473e8ce0cae9c26f7b44351e3339a08a7b

  • SHA256

    2e3a6bd6d2e03c347d8c717465fec6347037b7f25adae49e9e089bc744706545

  • SHA512

    881f7b8387e3dc82f1c0b3842c158329e3afee7fd7cfe60b56995a4e616c092b87de7a2535881ef3ac3df2c54c0a62d609a09909cc325bfc669974e6a594cdbc

  • SSDEEP

    49152:tp5mpShKMlyW7kJIHNYckp43yKgKuAb7/C:P5mghRlfI6HK45/C

Score
3/10

Malware Config

Signatures

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118
    /tmp/38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118
    • Enumerates kernel/hardware configuration
    • Writes file to tmp directory
    PID:649

Network

MITRE ATT&CK Enterprise v15

Downloads