General

  • Target

    bd06b3e16bd6ff49b03296aea234e143_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240823-y55axavakd

  • MD5

    bd06b3e16bd6ff49b03296aea234e143

  • SHA1

    fdcb873f34346dbfbaa786591ed107a5f5204515

  • SHA256

    cc9bff43faee3f45db38b9b55d2899bb222ffd46c897896cef02354d2e01118c

  • SHA512

    bec2ad929ce34482259751e949edc5568809dcbe5f01645deb53acfb2f56ffc89fa53cb66af83b061c63692e9b5971a554d31ccc669e2b333da415762de37751

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX472y1q2rJp0:745vRVJKGtSA0VWIoKu9p0

Targets

    • Target

      bd06b3e16bd6ff49b03296aea234e143_JaffaCakes118

    • Size

      1.2MB

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
