Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240729-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2204-amd64-20240729-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
  • submitted
    28-07-2024 22:28

General

  • Target

    27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118

  • Size

    1.1MB

  • MD5

    27e63b06a61b4f3d6f417341c31062b4

  • SHA1

    3e032c225fa8a852c7f60ef43f19a45fbdde5b17

  • SHA256

    840ac748c10b7ea6025933eaf10d87a929a4c0bb17393de4b234bdbdb66b8f5a

  • SHA512

    60c3c3d14ffc03f6dd3661c628deec064efc987d8aae71519c3d6f2d92693272849562ed55feeb7dfa9764078a949c244249946f10b90b8d1382b9c148c8ccb7

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfaxI+gIGYuuCol7r:4vREKfPqVE5jKsfaxRHGVo7r

Malware Config

Signatures

  • MrBlack Trojan

    IoT botnet which infects routers to be used for DDoS attacks.

  • MrBlack trojan 1 IoCs
  • Executes dropped EXE 1 IoCs
  • Write file to user bin folder 1 TTPs 3 IoCs
  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 9 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 4 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118
    /tmp/27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118
    1⤵
    • Write file to user bin folder
    • Checks CPU configuration
    • Reads system network configuration
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1520
    • /bin/sh
      sh -c "mkdir -p /usr/bin/bsd-port"
      2⤵
      PID:1528
      • /usr/bin/mkdir
        mkdir -p /usr/bin/bsd-port
        3⤵
        • Reads runtime system information
        PID:1529
    • /bin/sh
      sh -c "cp -f /tmp/27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118 /usr/bin/bsd-port/"
      2⤵
      PID:1530
      • /usr/bin/cp
        cp -f /tmp/27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118 /usr/bin/bsd-port/
        3⤵
        • Write file to user bin folder
        • Reads runtime system information
        PID:1531
    • /bin/sh
      sh -c /usr/bin/bsd-port/
      2⤵
      PID:1533
      • /usr/bin/bsd-port
        /usr/bin/bsd-port/
        3⤵
        PID:1534
    • /bin/sh
      sh -c "mkdir -p /usr/bin"
      2⤵
      PID:1535
      • /usr/bin/mkdir
        mkdir -p /usr/bin
        3⤵
        • Reads runtime system information
        PID:1536
    • /bin/sh
      sh -c "cp -f /tmp/27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118 /usr/bin/acpid"
      2⤵
      PID:1537
      • /usr/bin/cp
        cp -f /tmp/27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118 /usr/bin/acpid
        3⤵
        • Write file to user bin folder
        • Reads runtime system information
        PID:1538
    • /bin/sh
      sh -c /usr/bin/acpid
      2⤵
      PID:1540
      • /usr/bin/acpid
        /usr/bin/acpid
        3⤵
        • Executes dropped EXE
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1541
    • /bin/sh
      sh -c "insmod /usr/lib/xpacket.ko"
      2⤵
      PID:1543
      • /usr/sbin/insmod
        insmod /usr/lib/xpacket.ko
        3⤵
        • Reads runtime system information
        PID:1544

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /tmp/gates.note

    Filesize

    4B

    MD5

    253f7b5d921338af34da817c00f42753

    SHA1

    3ea77f23ba3301129b3fc06daf1ee04ecd559293

    SHA256

    9674b1f53ad3b01c8b4eeab981da48a47549f11f6ae31acc27099325c6beae32

    SHA512

    d2b50e2474b199dda0ecacefd9eaab101ecee7d6cd73af59cecf053c3b0738899428ab75739c2c5d599410f8bcf3b95f66717d2dcf399c63e4e2ae2ae9d81c07

  • /tmp/notify.file

    Filesize

    51B

    MD5

    6656fd0da1f7e7de3d42713084bc036d

    SHA1

    0d04cb14f50af3c04cff20e515366426d3892c59

    SHA256

    11985370ae577f363e2f0085cb7c66335ea0d517b5b74b6234f63d58d74e13e8

    SHA512

    05d551f0408e652664d11b47f1920835cc9f0526953cc5edde6ea84d437775eef1f9bb2a2cd69646342c108c394b83b29deb267bc1c6057fc23bfc8104b26491

  • /usr/bin/bsd-port/27e63b06a61b4f3d6f417341c31062b4_JaffaCakes118

    Filesize

    1.1MB

    MD5

    27e63b06a61b4f3d6f417341c31062b4

    SHA1

    3e032c225fa8a852c7f60ef43f19a45fbdde5b17

    SHA256

    840ac748c10b7ea6025933eaf10d87a929a4c0bb17393de4b234bdbdb66b8f5a

    SHA512

    60c3c3d14ffc03f6dd3661c628deec064efc987d8aae71519c3d6f2d92693272849562ed55feeb7dfa9764078a949c244249946f10b90b8d1382b9c148c8ccb7