General

  • Target

    21652156824d4a074e1b690d4f6bfad7_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240507-x62qqsbg6v

  • MD5

    21652156824d4a074e1b690d4f6bfad7

  • SHA1

    43f2d4779ee62982f574143e86cb95c65e1fdd49

  • SHA256

    0f59819c0394537dc96ff243c24d432fc47f44fc72cfc4ccba43c8e5bde8bcf2

  • SHA512

    7298344489af32ab2d967200ed70eea00096090d09e809d9288d3a5945b108abcd1ca2a939941eb4b040972a243c2ba3990ec20d2744caa11fdf125e77dc22d4

  • SSDEEP

    24576:e845rlHu6gVJKG75oFpA0VW/X4G2y1q2rJp0:745wRVJKGtSA0VW/oVu9p0

Malware Config

Targets

    • Target

      21652156824d4a074e1b690d4f6bfad7_JaffaCakes118

    • Size

      1.2MB

    • MD5

      21652156824d4a074e1b690d4f6bfad7

    • SHA1

      43f2d4779ee62982f574143e86cb95c65e1fdd49

    • SHA256

      0f59819c0394537dc96ff243c24d432fc47f44fc72cfc4ccba43c8e5bde8bcf2

    • SHA512

      7298344489af32ab2d967200ed70eea00096090d09e809d9288d3a5945b108abcd1ca2a939941eb4b040972a243c2ba3990ec20d2744caa11fdf125e77dc22d4

    • SSDEEP

      24576:e845rlHu6gVJKG75oFpA0VW/X4G2y1q2rJp0:745wRVJKGtSA0VW/oVu9p0

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks