Overview

overview

10

Static

static

10

1667e92adf...kes118

ubuntu-22.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1667e92adf34ba91e26b75d8faf7c934_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240728-nctctsvckq

  • MD5

    1667e92adf34ba91e26b75d8faf7c934

  • SHA1

    d9795a5894f120aa45f808c640d854a3743a858b

  • SHA256

    feae327b591a0bfda987bfd51c03d7ffe2d2f2a5e1c4746f84ab5c56e26cfb34

  • SHA512

    9637815d7d5a6800686cccefbca0a3e9b167f20453ee8fc648a729c545298f01543cd47b8696cb28d729701ffd2fd261e85ab92299a15ba6691c4eeda9e50792

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfalI+gIGYuuCol7r:4vREKfPqVE5jKsfalRHGVo7r

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      1667e92adf34ba91e26b75d8faf7c934_JaffaCakes118

    • Size

      1.1MB

    • MD5

      1667e92adf34ba91e26b75d8faf7c934

    • SHA1

      d9795a5894f120aa45f808c640d854a3743a858b

    • SHA256

      feae327b591a0bfda987bfd51c03d7ffe2d2f2a5e1c4746f84ab5c56e26cfb34

    • SHA512

      9637815d7d5a6800686cccefbca0a3e9b167f20453ee8fc648a729c545298f01543cd47b8696cb28d729701ffd2fd261e85ab92299a15ba6691c4eeda9e50792

    • SSDEEP

      24576:4vRE7caCfKGPqVEDNLFxKsfalI+gIGYuuCol7r:4vREKfPqVE5jKsfalRHGVo7r

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Defense Evasion

Hijack Execution Flow

2
T1574

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks