General
-
Target
e97790c1200e6d5c8f4eed64f1736a5d_JaffaCakes118
-
Size
1.1MB
-
Sample
240918-ta9vpazfmj
-
MD5
e97790c1200e6d5c8f4eed64f1736a5d
-
SHA1
8df8579b3303221b0aa9955f0e11ab6d24525a1a
-
SHA256
e27571a89dfbb256bdf2aa7ff0a062bd10bd712c46d7ddc045a8ac85c4903c2f
-
SHA512
0cb76a4ac2c5787282f31bed1a0a2599258d85890d60cc6a1538548f304b56668840295b99d862a721baa3309e7dc3366b2dbd2819ed39900cc2165dc23a7f70
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfazI+gIGYuuCol7r:4vREKfPqVE5jKsfazRHGVo7r
Behavioral task
behavioral1
Sample
e97790c1200e6d5c8f4eed64f1736a5d_JaffaCakes118
Resource
ubuntu2004-amd64-20240611-en
Malware Config
Targets
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1