General
-
Target
d5e40f3e2d31e6c6c00d715a028db5bf_JaffaCakes118
-
Size
1.1MB
-
Sample
240909-jj34dsxflk
-
MD5
d5e40f3e2d31e6c6c00d715a028db5bf
-
SHA1
3ba1bf5b985ab75bbfcd4c36ba3b4f34da2c4179
-
SHA256
9d0e5980097d18b384ccac755e546e789337be8512693ae2bbda017447974f70
-
SHA512
660ddf2da470991da7443c284c9fe9087f3913308a3e511429c463a1a0f12bc43b661d52456fdba2695ea3498ac8d18f4bf33285d0b55bd7243b217fe1c69245
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaqI+gIGYuuCol7r:4vREKfPqVE5jKsfaqRHGVo7r
Malware Config
Targets
-
-
Target
d5e40f3e2d31e6c6c00d715a028db5bf_JaffaCakes118
-
Size
1.1MB
-
MD5
d5e40f3e2d31e6c6c00d715a028db5bf
-
SHA1
3ba1bf5b985ab75bbfcd4c36ba3b4f34da2c4179
-
SHA256
9d0e5980097d18b384ccac755e546e789337be8512693ae2bbda017447974f70
-
SHA512
660ddf2da470991da7443c284c9fe9087f3913308a3e511429c463a1a0f12bc43b661d52456fdba2695ea3498ac8d18f4bf33285d0b55bd7243b217fe1c69245
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaqI+gIGYuuCol7r:4vREKfPqVE5jKsfaqRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1