Analysis
-
max time kernel
0s -
max time network
1s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
12-10-2024 06:04
Behavioral task
behavioral1
Sample
38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118
Resource
debian9-armhf-20240611-en
debian-9-armhf
2 signatures
150 seconds
General
-
Target
38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118
-
Size
4.5MB
-
MD5
38bdb0cd9d08144d096362ac1a1e4116
-
SHA1
6b0374473e8ce0cae9c26f7b44351e3339a08a7b
-
SHA256
2e3a6bd6d2e03c347d8c717465fec6347037b7f25adae49e9e089bc744706545
-
SHA512
881f7b8387e3dc82f1c0b3842c158329e3afee7fd7cfe60b56995a4e616c092b87de7a2535881ef3ac3df2c54c0a62d609a09909cc325bfc669974e6a594cdbc
-
SSDEEP
49152:tp5mpShKMlyW7kJIHNYckp43yKgKuAb7/C:P5mghRlfI6HK45/C
Score
3/10
Malware Config
Signatures
-
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
description ioc Process File opened for reading /sys/kernel/mm/transparent_hugepage/hpage_pmd_size 38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118 -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118.pid 38bdb0cd9d08144d096362ac1a1e4116_JaffaCakes118