General

  • Target

    ac323c4fd2d87cf09539b11a4f7812fa_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240819-xpxepa1apc

  • MD5

    ac323c4fd2d87cf09539b11a4f7812fa

  • SHA1

    d6d42582838dfa173ff5fae8fe84a023b27570da

  • SHA256

    7fc60ce7361fe84312d472216bdd3067f665be7ab8fc921a3e707da716b8abe7

  • SHA512

    0a509bdef37664bac9264c7d2b90b878d08f3ea15841e5005b57a7e46462fdd87d6e47c2897ce79840273add3d040a9be39da75785243caa2be4beaedab30b43

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4W2y1q2rJp0:745vRVJKGtSA0VWIoFu9p0

Targets

    • Target

      ac323c4fd2d87cf09539b11a4f7812fa_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
