Analysis
max time kernel: 149s
max time network: 154s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 13/10/2024, 18:23

General
Target: 41604f752316709081102a7a6d2bdd45_JaffaCakes118
Size: 46KB
MD5: 41604f752316709081102a7a6d2bdd45
SHA1: e9d5ddfb865539002167d80f9638586cc5356b39
SHA256: 7b001458fcb463ea2aa1d7f7e0629dc1ae2c868df476e448dca3b0ed6b4e0b52
SHA512: 1f0bb27438cd9d47d1dc11ad61c0ca1f931634d33c54d9d27d11e5945323daa9de1de8dce40bba3cf8a0df3ddcccd3baec72e624011158ab0e9efae72ba49683
SSDEEP: 768:/iconZIW1jcSfEG8AVbDtgsb0SVW1GVjV9q3UEL3UKQc9V6GIIOeMaP:/FW1jtVtLNVW+EL3Utc9VDvOeMm

Malware Config
Extracted
Family: mirai
Botnet: UNST

Signatures

Contacts a large (220979) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

description: File opened for reading
ioc: /proc/self/exe
Process: 41604f752316709081102a7a6d2bdd45_JaffaCakes118

Writes file to tmp directory (1 IoCs)
Malware often drops required files in the /tmp directory.
description: File opened for modification
ioc: /tmp/Y
Process: 41604f752316709081102a7a6d2bdd45_JaffaCakes118