General
-
Target
5a65bb128b85d38e41e465f9c624de28_JaffaCakes118
-
Size
1.2MB
-
Sample
240729-xtm2tazbmb
-
MD5
5a65bb128b85d38e41e465f9c624de28
-
SHA1
fa824c18cf6e4f6f29c46312695af5b8af7b4a81
-
SHA256
2e2c77d5e13e38189faa672d4f82c023123911d64e73e3475623f73c24c36d3d
-
SHA512
d4d8015f481e89edb66e8c845347cdb453fe62a75bbeb6cfddf010a2fcbc033e689086b9c2a8eaac09961562b8203ec60bbdee4a6216f6d32580f3088a4bdd3f
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX402y1q2rJp0:745vRVJKGtSA0VWeobu9p0
Malware Config
Targets
-
-
Target
5a65bb128b85d38e41e465f9c624de28_JaffaCakes118
-
Size
1.2MB
-
MD5
5a65bb128b85d38e41e465f9c624de28
-
SHA1
fa824c18cf6e4f6f29c46312695af5b8af7b4a81
-
SHA256
2e2c77d5e13e38189faa672d4f82c023123911d64e73e3475623f73c24c36d3d
-
SHA512
d4d8015f481e89edb66e8c845347cdb453fe62a75bbeb6cfddf010a2fcbc033e689086b9c2a8eaac09961562b8203ec60bbdee4a6216f6d32580f3088a4bdd3f
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX402y1q2rJp0:745vRVJKGtSA0VWeobu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-