General

  • Target

    15621ba30d969a8257fdb89b5cb9d9ed_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240728-mtxadawfjf

  • MD5

    15621ba30d969a8257fdb89b5cb9d9ed

  • SHA1

    7188aeb7a8a43548cb2c19baadd04d525417f1ba

  • SHA256

    d2727ccabe3f5fea59ebc444735c66d9529abf1f3e94780b54ed76f521947d8f

  • SHA512

    279e4b5852e0c0de195b684dbe967b9960580a46c114475f68108f7b0510435df2a348eb12c722b800dbd7b848069d73c797e0dec42325e4bcbcc8c2132f0293

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4y2y1q2rJp0:745vRVJKGtSA0VWeoBu9p0

Targets

    • Target

      15621ba30d969a8257fdb89b5cb9d9ed_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
