Overview

overview

10

Static

static

10

2939aadefa...kes118

ubuntu-20.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2939aadefa42ec7ad1c03d0c6f73b9cb_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240329-wt6y9aee9s

  • MD5

    2939aadefa42ec7ad1c03d0c6f73b9cb

  • SHA1

    73172c7388b4392f5ca77178a00baa50e3df9785

  • SHA256

    119da99cd938fb3eeaa4c6e824ebaa9efb36abc66aa04ab60efb7f63350018eb

  • SHA512

    939f8458854cfbdc32d7954747c95ea7a2341fda7669840e9123e18662cd95fc63f010f2a017becc51f5b817811fb7dc041597031f0d8d9a9a5c6cc28b5e3d67

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4S2y1q2rJp0:745vRVJKGtSA0VWeohu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      2939aadefa42ec7ad1c03d0c6f73b9cb_JaffaCakes118

    • Size

      1.2MB

    • MD5

      2939aadefa42ec7ad1c03d0c6f73b9cb

    • SHA1

      73172c7388b4392f5ca77178a00baa50e3df9785

    • SHA256

      119da99cd938fb3eeaa4c6e824ebaa9efb36abc66aa04ab60efb7f63350018eb

    • SHA512

      939f8458854cfbdc32d7954747c95ea7a2341fda7669840e9123e18662cd95fc63f010f2a017becc51f5b817811fb7dc041597031f0d8d9a9a5c6cc28b5e3d67

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4S2y1q2rJp0:745vRVJKGtSA0VWeohu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks