General

  • Target

    6dbfddc3991121ab2232a0d6f775f453_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-b6hf7swclf

  • MD5

    6dbfddc3991121ab2232a0d6f775f453

  • SHA1

    6833bbfa03d75146f1a5182212c2674157796679

  • SHA256

    dae7c68a3605b6df65e83e1e53f7ac0a85b85220e8ebb075e5a25a7ca8ebcc22

  • SHA512

    288a6d22e441ceda288ff0391cd87244b313ac2df68f0b76290147fdb54e31a78704a25745e1de05265b16932df79e276fac719b0300f68684da6a90bd78be6c

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX422y1q2rJp0:745vRVJKGtSA0VWIolu9p0

Targets

    • Target

      6dbfddc3991121ab2232a0d6f775f453_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
