General
-
Target
a04c47869c4a70eaf3075f34b470e8ed_JaffaCakes118
-
Size
1.2MB
-
Sample
240612-mcq22a1cke
-
MD5
a04c47869c4a70eaf3075f34b470e8ed
-
SHA1
5dcb5a93c2165164f1df27a8be68612dc43f325e
-
SHA256
90380b846cc1835d332b61f6e7a4327d04d0a0071590bc389855c5a81600cd47
-
SHA512
266855f08011130a03c2c0b7cf6386b54092c27a7647b9086d89ff6d99638133295cfafca59500ea1340167c3e00d9b9fa66cbdb5239b91c347fc8debfc5545b
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4W2y1q2rJp0:745vRVJKGtSA0VWeoFu9p0
Malware Config
Targets
-
-
Target
a04c47869c4a70eaf3075f34b470e8ed_JaffaCakes118
-
Size
1.2MB
-
MD5
a04c47869c4a70eaf3075f34b470e8ed
-
SHA1
5dcb5a93c2165164f1df27a8be68612dc43f325e
-
SHA256
90380b846cc1835d332b61f6e7a4327d04d0a0071590bc389855c5a81600cd47
-
SHA512
266855f08011130a03c2c0b7cf6386b54092c27a7647b9086d89ff6d99638133295cfafca59500ea1340167c3e00d9b9fa66cbdb5239b91c347fc8debfc5545b
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4W2y1q2rJp0:745vRVJKGtSA0VWeoFu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-