General
-
Target
5c34f94033535e6a954b44444228cb3e_JaffaCakes118
-
Size
1.1MB
-
Sample
240729-ykdmfsxcrq
-
MD5
5c34f94033535e6a954b44444228cb3e
-
SHA1
5f9cba3072013040a36127c12e9a17746086a91e
-
SHA256
aa96788936eb8876e488235b158d2baa1fc04f1ecb450ef103df239243ec307b
-
SHA512
a98f5f251e3feea6e1b01adffd511d025cdd2e88e25a74ed3ada7cb3c66f79a6e2b3165dbcdd94ce0351cfeae8b2b9dfdc17ac4d9b1fe0003006bbdff3a8891d
-
SSDEEP
24576:cb3M4ZGqyeivlBOe56bEEFDrhTCB8T+UWlJDrmQLNwy0R:cjM+xyLvOe56oIrhTCB8qzlJDr5d0R
Malware Config
Targets
-
-
Target
5c34f94033535e6a954b44444228cb3e_JaffaCakes118
-
Size
1.1MB
-
MD5
5c34f94033535e6a954b44444228cb3e
-
SHA1
5f9cba3072013040a36127c12e9a17746086a91e
-
SHA256
aa96788936eb8876e488235b158d2baa1fc04f1ecb450ef103df239243ec307b
-
SHA512
a98f5f251e3feea6e1b01adffd511d025cdd2e88e25a74ed3ada7cb3c66f79a6e2b3165dbcdd94ce0351cfeae8b2b9dfdc17ac4d9b1fe0003006bbdff3a8891d
-
SSDEEP
24576:cb3M4ZGqyeivlBOe56bEEFDrhTCB8T+UWlJDrmQLNwy0R:cjM+xyLvOe56oIrhTCB8qzlJDr5d0R
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-