General
-
Target
ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
-
Size
1.2MB
-
Sample
240906-dbwfpasbll
-
MD5
ce79d4dafea792c1021cda717501e6e2
-
SHA1
d257659d71de396b8bb07ba26c53288807f290dd
-
SHA256
ac8c67e7c61e71b030752ab27b327a4a265fc7af880fb8e35c66addc6d1ab21b
-
SHA512
052a008908f573f428b59b53edd6dc0ab1e347c646fef286eca3644d732f28db5a25fec08d0997ff13ac6099f900e83a1a9d45d3098fd5a164431499ad2d2005
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4y2y1q2rJp0:745vRVJKGtSA0VWeoBu9p0
Malware Config
Targets
-
-
Target
ce79d4dafea792c1021cda717501e6e2_JaffaCakes118
-
Size
1.2MB
-
MD5
ce79d4dafea792c1021cda717501e6e2
-
SHA1
d257659d71de396b8bb07ba26c53288807f290dd
-
SHA256
ac8c67e7c61e71b030752ab27b327a4a265fc7af880fb8e35c66addc6d1ab21b
-
SHA512
052a008908f573f428b59b53edd6dc0ab1e347c646fef286eca3644d732f28db5a25fec08d0997ff13ac6099f900e83a1a9d45d3098fd5a164431499ad2d2005
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4y2y1q2rJp0:745vRVJKGtSA0VWeoBu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1