General
-
Target
3bb30848e0c3e3f1e505fc6e2e0a3aa5_JaffaCakes118
-
Size
1.2MB
-
Sample
240729-hxk93axhrj
-
MD5
3bb30848e0c3e3f1e505fc6e2e0a3aa5
-
SHA1
63adb6885882ac443bb65d6346e68c29a69f633d
-
SHA256
01f5c4962d10c5b6fe4acb3afadb435cd055cfaf5b6691ee812f230a30609a24
-
SHA512
0f3ebed6a6e6d81c08e81a5fba644ba0590d55f9bc06bc093cc38eeed4a05ddd70e3c11691d3f0654560e72a4b03ff44903de17c8554715cb37b1576b566b5aa
-
SSDEEP
24576:e845rlHu6gVJKG75oFpA0VW3X4G2y1q2rJp0:745wRVJKGtSA0VW3oVu9p0
Malware Config
Targets
-
-
Target
3bb30848e0c3e3f1e505fc6e2e0a3aa5_JaffaCakes118
-
Size
1.2MB
-
MD5
3bb30848e0c3e3f1e505fc6e2e0a3aa5
-
SHA1
63adb6885882ac443bb65d6346e68c29a69f633d
-
SHA256
01f5c4962d10c5b6fe4acb3afadb435cd055cfaf5b6691ee812f230a30609a24
-
SHA512
0f3ebed6a6e6d81c08e81a5fba644ba0590d55f9bc06bc093cc38eeed4a05ddd70e3c11691d3f0654560e72a4b03ff44903de17c8554715cb37b1576b566b5aa
-
SSDEEP
24576:e845rlHu6gVJKG75oFpA0VW3X4G2y1q2rJp0:745wRVJKGtSA0VW3oVu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-