Malware Analysis Report

2025-05-28 17:41

Sample ID 250517-mrm9padp8v
Target JaffaCakes118_061cb158e679cf69483d4f3872fa7273
SHA256 de0442eecaf7ebe1203a3beccf95919cb3bc5728c7e937801af611c73220061c
Tags
kaiten gafgyt
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

de0442eecaf7ebe1203a3beccf95919cb3bc5728c7e937801af611c73220061c

Threat Level: Known bad

The file JaffaCakes118_061cb158e679cf69483d4f3872fa7273 was found to be: Known bad.

Malicious Activity Summary

kaiten gafgyt

Detected Gafgyt variant

Detects Kaiten/Tsunami Payload

Gafgyt family

Kaiten family

MITRE ATT&CK

N/A

Analysis: static1

Detonation Overview

Reported

2025-05-17 10:42

Signatures

Detected Gafgyt variant

Description Indicator Process Target
N/A N/A N/A N/A

Detects Kaiten/Tsunami Payload

Description Indicator Process Target
N/A N/A N/A N/A

Gafgyt family

gafgyt

Kaiten family

kaiten

Analysis: behavioral1

Detonation Overview

Submitted

2025-05-17 10:42

Reported

2025-05-17 10:44

Platform

debian12-armhf-20240729-en

Max time kernel

0s

Max time network

139s

Command Line

[/tmp/JaffaCakes118_061cb158e679cf69483d4f3872fa7273]

Signatures

N/A

Processes

/tmp/JaffaCakes118_061cb158e679cf69483d4f3872fa7273

[/tmp/JaffaCakes118_061cb158e679cf69483d4f3872fa7273]

Network

Country Destination Domain Proto
AU 1.1.1.1:53 debian12-armhf-20240729-en-8 udp
AU 1.1.1.1:53 debian12-armhf-20240729-en-8 udp
AU 1.1.1.1:53 debian12-armhf-20240729-en-8 udp
AU 1.1.1.1:53 debian12-armhf-20240729-en-8 udp
AU 1.1.1.1:53 0.debian.pool.ntp.org udp

Files

N/A