Overview

overview

10

Static

static

10

JaffaCakes...c15791

debian-9-armhf

7

Analysis

  • max time kernel
    147s
  • max time network
    152s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240611-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    31/12/2024, 07:51

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    JaffaCakes118_0c1f8b33282f0f4274d04b33cfc15791

  • Size

    90KB

  • MD5

    0c1f8b33282f0f4274d04b33cfc15791

  • SHA1

    154c277f8db6e95154aebb68e5480554879e2082

  • SHA256

    34650d94f3b7a96e0aaaa71e425c61a4695c17b215aa8e47adcb8c19637ac487

  • SHA512

    4a25deee229f5a056a4295d4c82e1758700e8217569c20670b2e93d8c4c4c6c607619c74cefac553b97dc60c66631c7f8a81a18a8a895a666e613f39935a6b53

  • SSDEEP

    1536:yZnu3bWMS7Er+GvVK6sVFUJ9FpJ0lTzyqjZPNGviXS2lpVicRUJzHva5:p3ydExVKjVFUJ9WzyqjZPNGvmjRUJzv

Score
7/10
discovery

Malware Config

Signatures

  • Deletes itself 1 IoCs
  • Unexpected DNS network traffic destination 30 IoCs

    Network traffic to other servers than the configured DNS servers was detected on the DNS port.

  • Changes its process name 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

    discovery

Processes

  • /tmp/JaffaCakes118_0c1f8b33282f0f4274d04b33cfc15791
    /tmp/JaffaCakes118_0c1f8b33282f0f4274d04b33cfc15791
    1⤵
    • Deletes itself
    • Changes its process name
    • Reads runtime system information
    PID:656

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads