mrblack | 52cc791bc03f7618fbcb679752d3858ea71f0a76f94feadb1126e97f3e38847b | Triage

Submit
Reports

Overview

overview

Static

static

c7573e1c67...kes118

ubuntu-24.04-amd64

7

Sharing

General

Target

c7573e1c671b34619b2cec043b882a98_JaffaCakes118
Size

1.2MB
Sample

240828-wbh5gaybqc
MD5

c7573e1c671b34619b2cec043b882a98
SHA1

584c1890e6fb0686b2565f8bfdeff9cf14befaa7
SHA256

52cc791bc03f7618fbcb679752d3858ea71f0a76f94feadb1126e97f3e38847b
SHA512

a78b6648fb8e5d990f449577e0c31a5d998ea92e1ea5f9e75f7d189928cb3153e17abe24733c31089950778d5b54faee93bb895e6b0d813d50afa515697f1b21
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4/2y1q2rJp0:745vRVJKGtSA0VWeo+u9p0

Score

10^/10

mrblack linux rootkit

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c7573e1c671b34619b2cec043b882a98_JaffaCakes118

Resource

ubuntu2404-amd64-20240523-en

ubuntu-24.04-amd64

6 signatures

150 seconds

Malware Config

Targets

- Target
  
  c7573e1c671b34619b2cec043b882a98_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  c7573e1c671b34619b2cec043b882a98
- SHA1
  
  584c1890e6fb0686b2565f8bfdeff9cf14befaa7
- SHA256
  
  52cc791bc03f7618fbcb679752d3858ea71f0a76f94feadb1126e97f3e38847b
- SHA512
  
  a78b6648fb8e5d990f449577e0c31a5d998ea92e1ea5f9e75f7d189928cb3153e17abe24733c31089950778d5b54faee93bb895e6b0d813d50afa515697f1b21
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4/2y1q2rJp0:745vRVJKGtSA0VWeo+u9p0
Score

7^/10

rootkit
- Executes dropped EXE
- Loads a kernel module
  Loads a Linux kernel module, potentially to achieve persistence
  rootkit
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy