General

  • Target

    5c45c50ba79bbf2b6b16a5cc68e34db1_JaffaCakes118

  • Size

    1.1MB

  • Sample

    240729-yk6y1axdml

  • MD5

    5c45c50ba79bbf2b6b16a5cc68e34db1

  • SHA1

    b41a8b9a6c8968596e86fe20858c47b2c6d49150

  • SHA256

    50c5701fdd522d200d157989a20053b7df18bd4113e166ff42416961895d17da

  • SHA512

    9b769ddf3dc9ff033ae2d62bad298496dd9e606146264cfc7fecd9a4a4a7d7f3735ff7a38e8a0e8188b2c9931869c1e8d13766fd1a5c29a9c696da57de723502

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfaKI+gIGYuuCol7r:4vREKfPqVE5jKsfaKRHGVo7r

Targets

    • Target

      5c45c50ba79bbf2b6b16a5cc68e34db1_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
