Analysis

  • max time kernel
    146s
  • max time network
    139s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240729-en
  • resource tags

    arch:armhf image:debian9-armhf-20240729-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
  • submitted
    05-01-2025 13:32

General

  • Target

    JaffaCakes118_a78dee5d554ad89ac0d2ea334f03dfd7

  • Size

    139KB

  • MD5

    a78dee5d554ad89ac0d2ea334f03dfd7

  • SHA1

    283ac19b84d235e1f96fa3d45b3af63c44e5f70c

  • SHA256

    e7321e2c01377430c912bbc5c6f7fe2b9158057d02ab320a371344344bdb5937

  • SHA512

    5decc466d91f551bf56f360a941e569965ba3a09c1dd79c52314ae27d258802dbe05d757a82a989d41627819d55fec654d95b1c69ed021c143f83d25736ab335

  • SSDEEP

    3072:Cv/WwsLgaq353qHiCOvhOpmqkDQHbeskmhxQwoVSUNu:KPLaq351hOpmqkLskmhxQwoVSUNu

Malware Config

Signatures

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Changes its process name 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/JaffaCakes118_a78dee5d554ad89ac0d2ea334f03dfd7
    /tmp/JaffaCakes118_a78dee5d554ad89ac0d2ea334f03dfd7
    • Modifies Watchdog functionality
    • Reads system routing table
    • Changes its process name
    • Reads system network configuration
    PID:660

Network

MITRE ATT&CK Enterprise v15
