General

  • Target

    2f45ba3f2ea6cad5cc0f45f8de9bbe4f_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240510-qe8lmsgd21

  • MD5

    2f45ba3f2ea6cad5cc0f45f8de9bbe4f

  • SHA1

    da52567c7406ae720e5fc6489868b4fae1a855d0

  • SHA256

    36195151c05923c5f267cd2f8f24747af9fa4e73efdc44029f0581591be3c542

  • SHA512

    fe0e3e2de301dfddec95ae76b4bd29df9ace6bf1447318a2f9022a9377d861e43d1518e95a3c56888d649698908a310cbc46a31b482fda882213a3705253f419

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4k2y1q2rJp0:745vRVJKGtSA0VWIoru9p0

Malware Config

Targets

    • Target

      2f45ba3f2ea6cad5cc0f45f8de9bbe4f_JaffaCakes118

    • MrBlack Trojan

      Linux/IoT botnet that infects routers and other embedded devices and uses them to launch DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder

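The signatures above describe two host-side behaviours a responder can check for directly: the sample enumerates active interfaces from the routing table under /proc (the "Reads system routing table" signature) and plants a binary in a bin directory plus an init.d entry for persistence. The Python below is an added example, not code from the sandbox report or from the sample itself. It parses a constructed /proc/net/route to show what that discovery step yields, and hunts a directory tree for files matching the SHA256 listed above or init.d scripts modified recently. The route table contents, the temp-directory layout, the file names `dropped` and `S99dropped`, and the stand-in hash used in `demo_hunt()` are all constructed for illustration; the real drop path and service name are not given on this page.

```python
"""Host triage for the behaviours reported above (added example, not sandbox or sample code)."""
import hashlib
import os
import shutil
import stat
import tempfile
import time

# SHA256 of the analysed sample, taken from the report header above.
SAMPLE_SHA256 = "36195151c05923c5f267cd2f8f24747af9fa4e73efdc44029f0581591be3c542"

# Constructed /proc/net/route content: eth0 with a default route, wlan0 link-local only.
SAMPLE_ROUTE = (
    "Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT\n"
    "eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0\n"
    "eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0\n"
    "wlan0\t000A0A0A\t00000000\t0001\t0\t0\t600\t00FFFFFF\t0\t0\t0\n"
)

RTF_UP = 0x0001       # route is usable
RTF_GATEWAY = 0x0002  # destination is reached via a gateway


def _hex_to_ip(h):
    # /proc/net/route prints addresses as 8 hex digits in host (little-endian) byte order.
    return ".".join(str(b) for b in bytes.fromhex(h)[::-1])


def parse_proc_net_route(text):
    """Return {iface: {"networks": [cidr, ...], "default_gw": ip or None}} for UP routes.

    This is the discovery step T1016 maps to: no sockets or ioctls, just a read of /proc.
    """
    ifaces = {}
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 8:
            continue
        iface, dest, gw, mask = fields[0], fields[1], fields[2], fields[7]
        flags = int(fields[3], 16)
        if not flags & RTF_UP:
            continue
        entry = ifaces.setdefault(iface, {"networks": [], "default_gw": None})
        if flags & RTF_GATEWAY and dest == "00000000":
            entry["default_gw"] = _hex_to_ip(gw)
        else:
            prefix = bin(int(mask, 16)).count("1")
            entry["networks"].append(f"{_hex_to_ip(dest)}/{prefix}")
    return ifaces


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def find_ioc_files(roots, sha256_set, recent_seconds=7 * 86400, now=None):
    """Walk roots (e.g. /bin, /usr/bin, /etc/init.d) and report suspicious regular files.

    A file is reported when its SHA256 is in sha256_set, or when it lives under an
    init.d directory and was modified within recent_seconds (default: one week).
    """
    now = time.time() if now is None else now
    hits = []
    for root in roots:
        for dirpath, _, names in os.walk(root):
            for name in names:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)
                    if not stat.S_ISREG(st.st_mode):
                        continue  # skip symlinks, devices, etc.
                    digest = sha256_file(path)
                except OSError:
                    continue
                reasons = []
                if digest in sha256_set:
                    reasons.append("hash matches sample")
                if "init.d" in path and now - st.st_mtime < recent_seconds:
                    reasons.append(f"init.d script modified within {recent_seconds // 86400} days")
                if reasons:
                    hits.append((path, reasons))
    return hits


def demo_hunt():
    """Constructed layout: a planted binary in usr/bin, a fresh init.d script, one benign file."""
    base = tempfile.mkdtemp()
    try:
        os.makedirs(os.path.join(base, "etc", "init.d"))
        os.makedirs(os.path.join(base, "usr", "bin"))
        planted = b"\x7fELF constructed stand-in for the dropped binary"
        with open(os.path.join(base, "usr", "bin", "dropped"), "wb") as f:
            f.write(planted)
        with open(os.path.join(base, "etc", "init.d", "S99dropped"), "w") as f:
            f.write("#!/bin/sh\n/usr/bin/dropped &\n")
        with open(os.path.join(base, "usr", "bin", "ls"), "wb") as f:
            f.write(b"benign")
        # On a real host pass {SAMPLE_SHA256}; here the planted stand-in's hash is used instead.
        iocs = {hashlib.sha256(planted).hexdigest()}
        hits = find_ioc_files([base], iocs)
        return sorted((os.path.relpath(p, base), r) for p, r in hits)
    finally:
        shutil.rmtree(base)


if __name__ == "__main__":
    print(parse_proc_net_route(SAMPLE_ROUTE))
    print(demo_hunt())
```

On a live system call `find_ioc_files(["/bin", "/usr/bin", "/etc/init.d"], {SAMPLE_SHA256})`; the mtime heuristic is deliberately broad, so treat an init.d hit as a lead to inspect rather than a verdict, and pair it with the hash match when both fire.
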
MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                                  Count  ID
  Persistence           Boot or Logon Autostart Execution          1      T1547
  Persistence           Hijack Execution Flow                      2      T1574
  Privilege Escalation  Boot or Logon Autostart Execution          1      T1547
  Privilege Escalation  Hijack Execution Flow                      2      T1574
  Defense Evasion       Hijack Execution Flow                      2      T1574
  Defense Evasion       Virtualization/Sandbox Evasion             1      T1497
  Discovery             System Network Configuration Discovery     2      T1016
  Discovery             Virtualization/Sandbox Evasion             1      T1497

Tasks