General

  • Target

    6c69a5bf30abc6ebf7802d16a43e4aad_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240730-blgzyazglj

  • MD5

    6c69a5bf30abc6ebf7802d16a43e4aad

  • SHA1

    6d8b869d0c5621f9c06ac57e1bfb57f484c9d14b

  • SHA256

    0411b4df865e530b3f141441a654cdceb5207c027071bc4f9a80759c2a82fae6

  • SHA512

    539d1e1b22d528b6378114f02dcdc89440a4aa32132c94fd7462ffcbcfcce01d9ccedebbfd766450d6a1673039b5d1dcdb9f7c5dc9367b8182b88acfb3e437e0

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX432y1q2rJp0:745vRVJKGtSA0VWeomu9p0

Malware Config

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks