General
-
Target
c7ae8eb6bd72158245bbfe475504b802_JaffaCakes118
-
Size
1.2MB
-
Sample
240828-1bjs8axbkh
-
MD5
c7ae8eb6bd72158245bbfe475504b802
-
SHA1
fcd96625a9afda5b8b408eeae8b5bc50379e48d8
-
SHA256
176a317df7b801a5af856e8b351995dacba50f6d4df1281235dce536e63c6251
-
SHA512
ab433c92d7d687d84b564b8227e7f07f1118ecc00d41e9da1bb29bb3ac5dd9ae522641a3f892cc8cc81de74c4ba9c708dc9d027c2ab1835259d190c71d2f9f80
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4g2y1q2rJp0:745vRVJKGtSA0VWeoXu9p0
Malware Config
Targets
-
-
Target
c7ae8eb6bd72158245bbfe475504b802_JaffaCakes118
-
Size
1.2MB
-
MD5
c7ae8eb6bd72158245bbfe475504b802
-
SHA1
fcd96625a9afda5b8b408eeae8b5bc50379e48d8
-
SHA256
176a317df7b801a5af856e8b351995dacba50f6d4df1281235dce536e63c6251
-
SHA512
ab433c92d7d687d84b564b8227e7f07f1118ecc00d41e9da1bb29bb3ac5dd9ae522641a3f892cc8cc81de74c4ba9c708dc9d027c2ab1835259d190c71d2f9f80
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4g2y1q2rJp0:745vRVJKGtSA0VWeoXu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-