General

  • Target

    bdebfb5f4f9863212311238c87000f3c_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240824-ffmqfstfje

  • MD5

    bdebfb5f4f9863212311238c87000f3c

  • SHA1

    43ce22fe6c8cdc70763602bc4a808a20b2ab4398

  • SHA256

    83025812b463400eb4403acc4844fe47b6d5db11806d4a9bdb63fe84aa6352df

  • SHA512

    95117b308945fb549625686986a1439d5e41e7aff8c42113a3bd17a2ffecda34f48cd0d85cbdae5a709e04da133700b0133556ad0e1f0a4b982a94b6b50a948b

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4M2y1q2rJp0:745vRVJKGtSA0VWeoju9p0

Targets

    • Target

      bdebfb5f4f9863212311238c87000f3c_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
