General

  • Target

    c8a06a490fc859f2f3d5876ffb93a01a_JaffaCakes118

  • Size

    1.2MB

  • Sample

    240829-macfvsybkk

  • MD5

    c8a06a490fc859f2f3d5876ffb93a01a

  • SHA1

    e209828fe9ae7f0ac8011db43f1b62e079f10c6b

  • SHA256

    85b18a45a5f12da6da29c734f8120baf0278ea742545861bda7cc8cff161ef85

  • SHA512

    a47b74dee1e047fa9f74b90e806a2d412f43aa8542e6c52da84211fca7f87424f0ef4700cebf45205bbbc0ac3df4edf40b0fa50c9819c79c8561683e99f6143f

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4E2y1q2rJp0:745vRVJKGtSA0VWIoLu9p0

Targets

    • Target

      c8a06a490fc859f2f3d5876ffb93a01a_JaffaCakes118

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
