General
-
Target
27728b1657230961d56265ee5f305647_JaffaCakes118
-
Size
1.1MB
-
Sample
240728-18w5tayakq
-
MD5
27728b1657230961d56265ee5f305647
-
SHA1
99498fa6b04efb077da64f37f71ec00515ff85ca
-
SHA256
ae5c45a7a78f5deddd80ff823c1ffae8aeeaa1d8239d2e5470784fbf0d244479
-
SHA512
29bf708c71eab683ba7f87932a53490cfdff48343d2168a3a70e0d200e3090840c2eebfc5fcca7630ce01ddb38eb530235662f8aa3709e238da658290887783b
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaHI+gIGYuuCol7r:4vREKfPqVE5jKsfaHRHGVo7r
Malware Config
Targets
-
-
Target
27728b1657230961d56265ee5f305647_JaffaCakes118
-
Size
1.1MB
-
MD5
27728b1657230961d56265ee5f305647
-
SHA1
99498fa6b04efb077da64f37f71ec00515ff85ca
-
SHA256
ae5c45a7a78f5deddd80ff823c1ffae8aeeaa1d8239d2e5470784fbf0d244479
-
SHA512
29bf708c71eab683ba7f87932a53490cfdff48343d2168a3a70e0d200e3090840c2eebfc5fcca7630ce01ddb38eb530235662f8aa3709e238da658290887783b
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaHI+gIGYuuCol7r:4vREKfPqVE5jKsfaHRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-