General
-
Target
dcf77358235d18fb9bb9205650dacc04_JaffaCakes118
-
Size
1.1MB
-
Sample
240912-ywad6sseka
-
MD5
dcf77358235d18fb9bb9205650dacc04
-
SHA1
4b96e288d6e8f69f769435c7f8fddff67ab54ec5
-
SHA256
48705e816a6587d2a8d3d512c91159456cc7eabc8618d561e6df87f843919b2c
-
SHA512
2166d6a9795c9b875adb1004a19a8ba7ea8945ca614a268e06549b5843ec46a20e5af79ec5660be1b5c04bec791677aab780eb0c944699a297772746f4191744
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfahI+gIGYuuCol7r:4vREKfPqVE5jKsfahRHGVo7r
Malware Config
Targets
-
-
Target
dcf77358235d18fb9bb9205650dacc04_JaffaCakes118
-
Size
1.1MB
-
MD5
dcf77358235d18fb9bb9205650dacc04
-
SHA1
4b96e288d6e8f69f769435c7f8fddff67ab54ec5
-
SHA256
48705e816a6587d2a8d3d512c91159456cc7eabc8618d561e6df87f843919b2c
-
SHA512
2166d6a9795c9b875adb1004a19a8ba7ea8945ca614a268e06549b5843ec46a20e5af79ec5660be1b5c04bec791677aab780eb0c944699a297772746f4191744
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfahI+gIGYuuCol7r:4vREKfPqVE5jKsfahRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1