General

  • Target

    b2c0cc5cdf92fa314e1eb8b8349da01d_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240821-kae6msycrb

  • MD5

    b2c0cc5cdf92fa314e1eb8b8349da01d

  • SHA1

    851ad4a9ed904d9d7083d604a8ea702ca0d7f4c8

  • SHA256

    42e7047673a596abf2c9b4e544418d5f6d111f66babbcc81463908d42b155731

  • SHA512

    bb8b7092b6563babd773839315776e2f1bbbc8d82032693e397942a0d18a936ee0c2f1ef292a6e480abec7c0622f4344dc5b4feaa6a6e1d3fd65e10f259be9ee

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4g2y1q2rJp0:745vRVJKGtSA0VWIoXu9p0

Targets

    • Target

      b2c0cc5cdf92fa314e1eb8b8349da01d_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
