Overview

overview

10

Static

static

10

21db4ff2a0...kes118

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    21db4ff2a01d4d4d4246aea05b5a9c02_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240507-1n57zscd46

  • MD5

    21db4ff2a01d4d4d4246aea05b5a9c02

  • SHA1

    6e6e730abf88ef15824e9d00fcb75956943a02d8

  • SHA256

    3af00ccefc81f874be86a1c3a6184b52a75d0cf4f91ab5343d3f9176cfcbd860

  • SHA512

    2e23d1cdbd819f47726a12a7a90b76c430bbc3013cd2ea190d62235bca7453ef3b57db062c516c382d17dd1065a9535a9e222764a0a04596ca9f7bbbefe8a36f

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4O2y1q2rJp0:745vRVJKGtSA0VWeotu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      21db4ff2a01d4d4d4246aea05b5a9c02_JaffaCakes118

    • Size

      1.2MB

    • MD5

      21db4ff2a01d4d4d4246aea05b5a9c02

    • SHA1

      6e6e730abf88ef15824e9d00fcb75956943a02d8

    • SHA256

      3af00ccefc81f874be86a1c3a6184b52a75d0cf4f91ab5343d3f9176cfcbd860

    • SHA512

      2e23d1cdbd819f47726a12a7a90b76c430bbc3013cd2ea190d62235bca7453ef3b57db062c516c382d17dd1065a9535a9e222764a0a04596ca9f7bbbefe8a36f

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4O2y1q2rJp0:745vRVJKGtSA0VWeotu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Defense Evasion

Hijack Execution Flow

2
T1574

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks