General
-
Target
6e2e71eec8d4c018d70f33c15621aa35_JaffaCakes118
-
Size
1.5MB
-
Sample
240730-cb1vqssblk
-
MD5
6e2e71eec8d4c018d70f33c15621aa35
-
SHA1
c83935da847a5eeff1152565cdb79e1129cf4e00
-
SHA256
98811afe3b43cebb55cf7e70463622dc66e020edf5b0d39d198438abf7740814
-
SHA512
664defc7f27f4cb9445b24c298f35f559c089ea5847be62db9bfc7384b970bd620235f7a2f81d6ad5d7e41c0f1bca4b4f358fdd98e7764e2d96aa91106490c31
-
SSDEEP
24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMAnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMAnLmB
Malware Config
Targets
-
-
Target
6e2e71eec8d4c018d70f33c15621aa35_JaffaCakes118
-
Size
1.5MB
-
MD5
6e2e71eec8d4c018d70f33c15621aa35
-
SHA1
c83935da847a5eeff1152565cdb79e1129cf4e00
-
SHA256
98811afe3b43cebb55cf7e70463622dc66e020edf5b0d39d198438abf7740814
-
SHA512
664defc7f27f4cb9445b24c298f35f559c089ea5847be62db9bfc7384b970bd620235f7a2f81d6ad5d7e41c0f1bca4b4f358fdd98e7764e2d96aa91106490c31
-
SSDEEP
24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMAnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMAnLmB
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-