General
-
Target
cf0c9c132a13a3097012530bb312afee_JaffaCakes118
-
Size
1.1MB
-
Sample
240906-jrcleavfmc
-
MD5
cf0c9c132a13a3097012530bb312afee
-
SHA1
bf196eaa6b0c90a3ef45b81ada29eded7e6031d9
-
SHA256
3c1daabc22d5f5c1639c4b43ab9c8cb3f81b720931d71045ab702d54adc6555f
-
SHA512
f4d28ca9d0ec69de01e1a65596e485a39d5bf38d7ad4689a8c829890d263cafde25c73a683750b6296ae5a07228ba8104ab9b5d31f4bd4b1aafbe8f8d45d3bbf
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfalI+gIGYuuCol7r:4vREKfPqVE5jKsfalRHGVo7r
Malware Config
Targets
-
-
Target
cf0c9c132a13a3097012530bb312afee_JaffaCakes118
-
Size
1.1MB
-
MD5
cf0c9c132a13a3097012530bb312afee
-
SHA1
bf196eaa6b0c90a3ef45b81ada29eded7e6031d9
-
SHA256
3c1daabc22d5f5c1639c4b43ab9c8cb3f81b720931d71045ab702d54adc6555f
-
SHA512
f4d28ca9d0ec69de01e1a65596e485a39d5bf38d7ad4689a8c829890d263cafde25c73a683750b6296ae5a07228ba8104ab9b5d31f4bd4b1aafbe8f8d45d3bbf
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfalI+gIGYuuCol7r:4vREKfPqVE5jKsfalRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1