Overview

overview

10

Static

static

10

8b68168778...kes118

ubuntu-20.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b68168778df50cc2390678bc1744a32_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240811-wm6pxavelb

  • MD5

    8b68168778df50cc2390678bc1744a32

  • SHA1

    4a508e301183920439776f8abbf0b8bcf93aa5f9

  • SHA256

    bd7fc5fa571373babbc3a125580ca5a622656020d2bd4b72e23fbe1ddf4bc2ef

  • SHA512

    5633bb5357ff78c43717591815e8ffdc0f7b716b9ea75e20fcc3d962b852210e22abf78ba6c2c4c7366537d6a5c60ad39e92e96d9dec210918ef6c4052125cf3

  • SSDEEP

    24576:e845rUHu6gVJKG75oFpA0VWiX4G2y1q2rJp0:7451RVJKGtSA0VWioVu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      8b68168778df50cc2390678bc1744a32_JaffaCakes118

    • Size

      1.2MB

    • MD5

      8b68168778df50cc2390678bc1744a32

    • SHA1

      4a508e301183920439776f8abbf0b8bcf93aa5f9

    • SHA256

      bd7fc5fa571373babbc3a125580ca5a622656020d2bd4b72e23fbe1ddf4bc2ef

    • SHA512

      5633bb5357ff78c43717591815e8ffdc0f7b716b9ea75e20fcc3d962b852210e22abf78ba6c2c4c7366537d6a5c60ad39e92e96d9dec210918ef6c4052125cf3

    • SSDEEP

      24576:e845rUHu6gVJKG75oFpA0VWiX4G2y1q2rJp0:7451RVJKGtSA0VWioVu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks