Overview

overview

10

Static

static

10

a04c47869c...kes118

ubuntu-20.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a04c47869c4a70eaf3075f34b470e8ed_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240612-mcq22a1cke

  • MD5

    a04c47869c4a70eaf3075f34b470e8ed

  • SHA1

    5dcb5a93c2165164f1df27a8be68612dc43f325e

  • SHA256

    90380b846cc1835d332b61f6e7a4327d04d0a0071590bc389855c5a81600cd47

  • SHA512

    266855f08011130a03c2c0b7cf6386b54092c27a7647b9086d89ff6d99638133295cfafca59500ea1340167c3e00d9b9fa66cbdb5239b91c347fc8debfc5545b

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4W2y1q2rJp0:745vRVJKGtSA0VWeoFu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      a04c47869c4a70eaf3075f34b470e8ed_JaffaCakes118

    • Size

      1.2MB

    • MD5

      a04c47869c4a70eaf3075f34b470e8ed

    • SHA1

      5dcb5a93c2165164f1df27a8be68612dc43f325e

    • SHA256

      90380b846cc1835d332b61f6e7a4327d04d0a0071590bc389855c5a81600cd47

    • SHA512

      266855f08011130a03c2c0b7cf6386b54092c27a7647b9086d89ff6d99638133295cfafca59500ea1340167c3e00d9b9fa66cbdb5239b91c347fc8debfc5545b

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4W2y1q2rJp0:745vRVJKGtSA0VWeoFu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks