Overview

overview

10

Static

static

10

27728b1657...kes118

ubuntu-22.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    27728b1657230961d56265ee5f305647_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240728-18w5tayakq

  • MD5

    27728b1657230961d56265ee5f305647

  • SHA1

    99498fa6b04efb077da64f37f71ec00515ff85ca

  • SHA256

    ae5c45a7a78f5deddd80ff823c1ffae8aeeaa1d8239d2e5470784fbf0d244479

  • SHA512

    29bf708c71eab683ba7f87932a53490cfdff48343d2168a3a70e0d200e3090840c2eebfc5fcca7630ce01ddb38eb530235662f8aa3709e238da658290887783b

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfaHI+gIGYuuCol7r:4vREKfPqVE5jKsfaHRHGVo7r

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      27728b1657230961d56265ee5f305647_JaffaCakes118

    • Size

      1.1MB

    • MD5

      27728b1657230961d56265ee5f305647

    • SHA1

      99498fa6b04efb077da64f37f71ec00515ff85ca

    • SHA256

      ae5c45a7a78f5deddd80ff823c1ffae8aeeaa1d8239d2e5470784fbf0d244479

    • SHA512

      29bf708c71eab683ba7f87932a53490cfdff48343d2168a3a70e0d200e3090840c2eebfc5fcca7630ce01ddb38eb530235662f8aa3709e238da658290887783b

    • SSDEEP

      24576:4vRE7caCfKGPqVEDNLFxKsfaHI+gIGYuuCol7r:4vREKfPqVE5jKsfaHRHGVo7r

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks