Overview

overview

10

Static

static

10

5be363e0fa...kes118

ubuntu-20.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5be363e0faf3e8ecc4bf54ba66ac8f40_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240519-2rz1tafd3v

  • MD5

    5be363e0faf3e8ecc4bf54ba66ac8f40

  • SHA1

    f48521b007c49c7c3fe3424819971912f84bf29c

  • SHA256

    23a91d190440fc1c4a8889e2359d593716497f78b71f421365b9bdd1772abcec

  • SHA512

    23aaf0d86b982980ef17eae171ce6c06bdb667f70c0618caff736e9a38a9905b0a2223821ea14ac1cbd313195df1d0252db85a8f8785d1c0e6f4eea7d63e3c04

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4i2y1q2rJp0:745vRVJKGtSA0VWIoRu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      5be363e0faf3e8ecc4bf54ba66ac8f40_JaffaCakes118

    • Size

      1.2MB

    • MD5

      5be363e0faf3e8ecc4bf54ba66ac8f40

    • SHA1

      f48521b007c49c7c3fe3424819971912f84bf29c

    • SHA256

      23a91d190440fc1c4a8889e2359d593716497f78b71f421365b9bdd1772abcec

    • SHA512

      23aaf0d86b982980ef17eae171ce6c06bdb667f70c0618caff736e9a38a9905b0a2223821ea14ac1cbd313195df1d0252db85a8f8785d1c0e6f4eea7d63e3c04

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWIX4i2y1q2rJp0:745vRVJKGtSA0VWIoRu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Defense Evasion

Hijack Execution Flow

2
T1574

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks