General
-
Target
d671981073f65b73e5f7526fb75ccaaf_JaffaCakes118
-
Size
1.2MB
-
Sample
240909-q48mya1enl
-
MD5
d671981073f65b73e5f7526fb75ccaaf
-
SHA1
9e582e748f28f7cdd8168a5f0ce06b9ff3668719
-
SHA256
77bb1d85e202750ce40c5c157dba34590ad85a9246cb759f053b7a39272ec67f
-
SHA512
522cf9e0fde13c0b3e22acb49e8bf57e821f0fde33cdf8309abb07afb8daa230f7358d85c791ee063461595149746a7f726899fee98c2424f6c2959b9dc32009
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4h2y1q2rJp0:745vRVJKGtSA0VWeo4u9p0
Malware Config
Targets
-
-
Target
d671981073f65b73e5f7526fb75ccaaf_JaffaCakes118
-
Size
1.2MB
-
MD5
d671981073f65b73e5f7526fb75ccaaf
-
SHA1
9e582e748f28f7cdd8168a5f0ce06b9ff3668719
-
SHA256
77bb1d85e202750ce40c5c157dba34590ad85a9246cb759f053b7a39272ec67f
-
SHA512
522cf9e0fde13c0b3e22acb49e8bf57e821f0fde33cdf8309abb07afb8daa230f7358d85c791ee063461595149746a7f726899fee98c2424f6c2959b9dc32009
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4h2y1q2rJp0:745vRVJKGtSA0VWeo4u9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1