General
-
Target
e33d0c06bb431b3e421ef4b5b9327197_JaffaCakes118
-
Size
1.1MB
-
Sample
240915-x8jmyayhqh
-
MD5
e33d0c06bb431b3e421ef4b5b9327197
-
SHA1
cfdd11cd560b4867cf1124f5baa64ea35e604ebf
-
SHA256
617efd09ffd19d1f70a0f9b3aed510ad76f5d8d4667176335350c9553c23dc6a
-
SHA512
007bd45140f374b5c1bbd0b851a8b9b28fb7cf0bbb9accea5052daa388c6289b3c980d1e07539818bfe9d10af0872e8ca855ebfd5cea8f3b3a130017ecff8880
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaMI+gIGYuuCol7r:4vREKfPqVE5jKsfaMRHGVo7r
Malware Config
Targets
-
-
Target
e33d0c06bb431b3e421ef4b5b9327197_JaffaCakes118
-
Size
1.1MB
-
MD5
e33d0c06bb431b3e421ef4b5b9327197
-
SHA1
cfdd11cd560b4867cf1124f5baa64ea35e604ebf
-
SHA256
617efd09ffd19d1f70a0f9b3aed510ad76f5d8d4667176335350c9553c23dc6a
-
SHA512
007bd45140f374b5c1bbd0b851a8b9b28fb7cf0bbb9accea5052daa388c6289b3c980d1e07539818bfe9d10af0872e8ca855ebfd5cea8f3b3a130017ecff8880
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaMI+gIGYuuCol7r:4vREKfPqVE5jKsfaMRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1