General

  • Target

    43195a0298bcc72b72f5687d4bd49c37_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240729-nddnrswcjq

  • MD5

    43195a0298bcc72b72f5687d4bd49c37

  • SHA1

    90ea668fc256ee75f803da35bad44589cd2caddf

  • SHA256

    43056c0ce96c83c1c21263fd163f9a59156cbab1b5b7b713a4409ba5feeb7a7d

  • SHA512

    8b169b0f24e2676f05110df630c1a1df40d2b89176ebfcfd7ca59678cfad992b2ff152c041c93c1ea66d2f6be64a3a9adf99b67cc59d582ec14a3c207ab421a1

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfa/I+gIGYuuCol7r:4vREKfPqVE5jKsfa/RHGVo7r

Malware Config

Targets

    • Target

      43195a0298bcc72b72f5687d4bd49c37_JaffaCakes118

    • MrBlack Trojan

      Linux/IoT botnet family that infects routers and other embedded devices and uses them to launch DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

      Runs an executable it has written to disk.

    • Modifies init.d

      Adds or modifies a startup script under /etc/init.d, most likely so the payload is re-launched at boot (persistence).

    • Reads system routing table

      Reads the routing table exposed under the /proc virtual filesystem (/proc/net/route) to enumerate the active network interfaces and default gateway.

    • Writes file to user bin folder (/usr/bin)

    • Writes file to system bin folder (/bin)

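The two behaviours above that an analyst can check for offline are the routing-table read and the dropped-binary-plus-init.d persistence. The following Python is an added example for this page, not part of the sandbox report or of any vendor's tooling. It assumes the routing table is read from /proc/net/route (the report says only "/proc virtual filesystem"), that the analyst has an extracted or mounted root filesystem of the suspect device, and it uses a constructed /proc/net/route sample and a constructed fake rootfs rather than data from the sample's run. The hash set is the MD5/SHA1/SHA256 published above.

```python
"""Offline triage helpers for the 'Reads system routing table' and
'Modifies init.d' / 'Writes file to bin folder' behaviours.
Added example; assumes /proc/net/route and an extracted rootfs."""
import hashlib
import os
import socket
import struct
import tempfile
from pathlib import Path

# Hashes published in the report (MD5, SHA1, SHA256).
SAMPLE_IOCS = {
    "43195a0298bcc72b72f5687d4bd49c37",
    "90ea668fc256ee75f803da35bad44589cd2caddf",
    "43056c0ce96c83c1c21263fd163f9a59156cbab1b5b7b713a4409ba5feeb7a7d",
}

# Route flag bits from <linux/route.h>.
RTF_UP = 0x0001
RTF_GATEWAY = 0x0002

# Constructed /proc/net/route contents (typical two-route host), not
# captured from the sample's sandbox run.
SAMPLE_PROC_NET_ROUTE = """\
Iface\tDestination\tGateway \tFlags\tRefCnt\tUse\tMetric\tMask\t\tMTU\tWindow\tIRTT
eth0\t00000000\t0101A8C0\t0003\t0\t0\t100\t00000000\t0\t0\t0
eth0\t0001A8C0\t00000000\t0001\t0\t0\t100\t00FFFFFF\t0\t0\t0
"""


def _hex_ipv4(field: str) -> str:
    """Addresses in /proc/net/route are 8 hex digits in host byte order
    (little-endian on x86/ARM/MIPSel), so pack as '<L' before inet_ntoa."""
    return socket.inet_ntoa(struct.pack("<L", int(field, 16)))


def parse_proc_net_route(text: str) -> list[dict]:
    """Decode the table the way a bot would to find its egress interface."""
    routes = []
    for line in text.strip().splitlines()[1:]:  # first line is the header
        cols = line.split()
        if len(cols) < 8:
            continue
        flags = int(cols[3], 16)
        routes.append({
            "iface": cols[0],
            "dest": _hex_ipv4(cols[1]),
            "gateway": _hex_ipv4(cols[2]),
            "mask": _hex_ipv4(cols[7]),
            "up": bool(flags & RTF_UP),
            "is_default": cols[1] == "00000000" and bool(flags & RTF_GATEWAY),
        })
    return routes


def active_interfaces(text: str) -> set[str]:
    return {r["iface"] for r in parse_proc_net_route(text) if r["up"]}


def _hashes(path: Path) -> set[str]:
    """MD5, SHA1 and SHA256 of one file, streamed in 64 KiB chunks."""
    digests = [hashlib.md5(usedforsecurity=False), hashlib.sha1(), hashlib.sha256()]
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            for d in digests:
                d.update(chunk)
    return {d.hexdigest() for d in digests}


def sweep_dropped_files(rootfs: str, iocs: set[str] = SAMPLE_IOCS) -> dict:
    """Hash files in /bin and /usr/bin, report IOC matches, and flag any
    /etc/init.d script that references a matched binary (persistence)."""
    root = Path(rootfs)
    result = {"ioc_matches": [], "initd_refs": []}
    matched_names = []
    for sub in ("bin", "usr/bin"):
        bindir = root / sub
        if not bindir.is_dir():
            continue
        for p in sorted(bindir.iterdir()):
            if p.is_file() and _hashes(p) & iocs:
                result["ioc_matches"].append(p.relative_to(root).as_posix())
                matched_names.append(p.name)
    initd = root / "etc" / "init.d"
    if initd.is_dir():
        for script in sorted(initd.iterdir()):
            if not script.is_file():
                continue
            body = script.read_text(errors="replace")
            for name in matched_names:
                if name in body:
                    result["initd_refs"].append((script.relative_to(root).as_posix(), name))
    return result


def demo_sweep() -> dict:
    """Build a constructed rootfs (fake payload + init.d stub) in a temp
    dir and sweep it, using the fake payload's SHA256 as the IOC."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "bin"))
    os.makedirs(os.path.join(root, "etc", "init.d"))
    payload = b"\x7fELF\x01\x01\x01-constructed-fake-payload"
    with open(os.path.join(root, "bin", "mrblack"), "wb") as fh:
        fh.write(payload)
    with open(os.path.join(root, "etc", "init.d", "S99net"), "w") as fh:
        fh.write("#!/bin/sh\n/bin/mrblack &\n")
    return sweep_dropped_files(root, {hashlib.sha256(payload).hexdigest()})
```

Run `sweep_dropped_files("/mnt/rootfs")` against a mounted image to match the published hashes; `demo_sweep()` shows the expected output shape on the constructed tree. Note that a name match inside an init.d script is a lead, not proof: confirm by hashing the referenced binary.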
MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                                Count  ID
  Persistence           Boot or Logon Autostart Execution        1      T1547
  Persistence           Hijack Execution Flow                    2      T1574
  Privilege Escalation  Boot or Logon Autostart Execution        1      T1547
  Privilege Escalation  Hijack Execution Flow                    2      T1574
  Defense Evasion       Hijack Execution Flow                    2      T1574
  Defense Evasion       Virtualization/Sandbox Evasion           1      T1497
  Discovery             System Network Configuration Discovery   2      T1016
  Discovery             Virtualization/Sandbox Evasion           1      T1497
