General
-
Target
e491c4cd8a405e7260877e1b894affe6_JaffaCakes118
-
Size
1.2MB
-
Sample
240916-mga7dasdla
-
MD5
e491c4cd8a405e7260877e1b894affe6
-
SHA1
3c5786156a0a451535745a56561b33db0f7f26bb
-
SHA256
bf042f061bf708cbb09750ff53cb795df394c14e13653983b9c122a22aa827f1
-
SHA512
8d1264f40ff6f85825870289d77a5c517fb06e878b30043067c1fb14229523ed957cd0f985b32786f81b34d2b0b4c0d6fa9f7198163c769fc92e5dff7f8433e2
-
SSDEEP
24576:e845rUHu6gVJKG75oFpA0VWeX4G2y1q2rJp0:7451RVJKGtSA0VWeoVu9p0
Malware Config
Targets
-
-
Target
e491c4cd8a405e7260877e1b894affe6_JaffaCakes118
-
Size
1.2MB
-
MD5
e491c4cd8a405e7260877e1b894affe6
-
SHA1
3c5786156a0a451535745a56561b33db0f7f26bb
-
SHA256
bf042f061bf708cbb09750ff53cb795df394c14e13653983b9c122a22aa827f1
-
SHA512
8d1264f40ff6f85825870289d77a5c517fb06e878b30043067c1fb14229523ed957cd0f985b32786f81b34d2b0b4c0d6fa9f7198163c769fc92e5dff7f8433e2
-
SSDEEP
24576:e845rUHu6gVJKG75oFpA0VWeX4G2y1q2rJp0:7451RVJKGtSA0VWeoVu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1