Overview

overview

10

Static

static

10

46dd5e2042...kes118

ubuntu-22.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46dd5e2042863b7fd57b69666894676f_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240729-pqn6pssfrd

  • MD5

    46dd5e2042863b7fd57b69666894676f

  • SHA1

    86b25e80b4dc588f34d39953363df8508f76d048

  • SHA256

    c80eb0ce65efb98916fea1924d0369c22984bd6de20dfc876ba2c80385ee20c8

  • SHA512

    b5a2a09e7f682bedc3edcbd7eb4a85fa69774f0cab6530ecf1ad61a234ca94c9c6c4d9eb97619683424d5327b5ce9c74a4471b1760ada1d3e0143609a89d9cc5

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4l2y1q2rJp0:745vRVJKGtSA0VWIoMu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      46dd5e2042863b7fd57b69666894676f_JaffaCakes118

    • Size

      1.2MB

    • MD5

      46dd5e2042863b7fd57b69666894676f

    • SHA1

      86b25e80b4dc588f34d39953363df8508f76d048

    • SHA256

      c80eb0ce65efb98916fea1924d0369c22984bd6de20dfc876ba2c80385ee20c8

    • SHA512

      b5a2a09e7f682bedc3edcbd7eb4a85fa69774f0cab6530ecf1ad61a234ca94c9c6c4d9eb97619683424d5327b5ce9c74a4471b1760ada1d3e0143609a89d9cc5

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWIX4l2y1q2rJp0:745vRVJKGtSA0VWIoMu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Defense Evasion

Hijack Execution Flow

2
T1574

Virtualization/Sandbox Evasion

1
T1497

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks