General
-
Target
d29fc981913105d3ba98af225322aebd_JaffaCakes118
-
Size
1.1MB
-
Sample
240907-xlsmbs1hkc
-
MD5
d29fc981913105d3ba98af225322aebd
-
SHA1
f115d9ccaf90bbcda643557fe657d3191d90cfdf
-
SHA256
05191758a35557c1f23e127e9f2a24e4a49e4cc15f92d91c2690ad7680a5c181
-
SHA512
6121b032f705e9110a11ff3db6597e1c8248e58d0601ac6bac458816b2682c0683d3e7e99754dcfdd90833decf57f5f3ab763ad4500bb01517d03eb030cb69aa
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfatI+gIGYuuCol7r:4vREKfPqVE5jKsfatRHGVo7r
Malware Config
Targets
-
-
Target
d29fc981913105d3ba98af225322aebd_JaffaCakes118
-
Size
1.1MB
-
MD5
d29fc981913105d3ba98af225322aebd
-
SHA1
f115d9ccaf90bbcda643557fe657d3191d90cfdf
-
SHA256
05191758a35557c1f23e127e9f2a24e4a49e4cc15f92d91c2690ad7680a5c181
-
SHA512
6121b032f705e9110a11ff3db6597e1c8248e58d0601ac6bac458816b2682c0683d3e7e99754dcfdd90833decf57f5f3ab763ad4500bb01517d03eb030cb69aa
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfatI+gIGYuuCol7r:4vREKfPqVE5jKsfatRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1