General
-
Target
d76313dac8a41f33decb5fc369da16bc_JaffaCakes118
-
Size
1.2MB
-
Sample
240910-bj98pszbrm
-
MD5
d76313dac8a41f33decb5fc369da16bc
-
SHA1
26865db1aeac644e8c0d96e7d1efb8c1bb35075c
-
SHA256
4b2ad45af30fdeedd35ac765c8f75d9ff7d7c9f01b7f9f0fcf2e16ab9dcef159
-
SHA512
cd2916d9d6c0c063f56730949ace0f5d37ccb05ec7793ed90e3f03fdd3de85f26c8a57d85fd74bf6982d9637740580215bdd7e0574bc8129e23bc178718d29b9
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4f2y1q2rJp0:745vRVJKGtSA0VWeoeu9p0
Malware Config
Targets
-
-
Target
d76313dac8a41f33decb5fc369da16bc_JaffaCakes118
-
Size
1.2MB
-
MD5
d76313dac8a41f33decb5fc369da16bc
-
SHA1
26865db1aeac644e8c0d96e7d1efb8c1bb35075c
-
SHA256
4b2ad45af30fdeedd35ac765c8f75d9ff7d7c9f01b7f9f0fcf2e16ab9dcef159
-
SHA512
cd2916d9d6c0c063f56730949ace0f5d37ccb05ec7793ed90e3f03fdd3de85f26c8a57d85fd74bf6982d9637740580215bdd7e0574bc8129e23bc178718d29b9
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4f2y1q2rJp0:745vRVJKGtSA0VWeoeu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1