General

  • Target

    69410bbae79cb9d5e8dabb730c1471a7_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-aehr8axfrr

  • MD5

    69410bbae79cb9d5e8dabb730c1471a7

  • SHA1

    547abc943d301c07f118ed1e0a7181bb5f531e12

  • SHA256

    20ccbec3fa97e1a10571f0266c2fc21add5f07e66ed09bb79a10f2353288c6fa

  • SHA512

    659e625d1cd35c569b99067e78152c02efc0b07f88598eac085eb97a6faad7e586958e0fe1cc46099d6e1f905217379463f48047b8632ed0ecb64df067085645

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX412y1q2rJp0:745vRVJKGtSA0VWeo8u9p0

Targets

    • Target

      69410bbae79cb9d5e8dabb730c1471a7_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
