General
-
Target
e9d0ceb7c823a511a2f59af62cb2186f_JaffaCakes118
-
Size
1.1MB
-
Sample
240918-x3cmfazakk
-
MD5
e9d0ceb7c823a511a2f59af62cb2186f
-
SHA1
c59f119553d18aaa69363179506cec8bf1ff5f47
-
SHA256
bd725c4105df8194d29f7a39bc2356113ed9d840f4629ec222aa1bbd269c9f1a
-
SHA512
149d5d532252b2d956b0d9c9db09bf4714a6b9fa7d10254ccd6723ceea16aa16d59361a6b3f439839052bbaa28c76069dec62fd05410018ed0429b78c648f70b
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfarI+gIGYuuCol7r:4vREKfPqVE5jKsfarRHGVo7r
Behavioral task
behavioral1
Sample
e9d0ceb7c823a511a2f59af62cb2186f_JaffaCakes118
Resource
ubuntu2004-amd64-20240729-en
Malware Config
Targets
-
Target
e9d0ceb7c823a511a2f59af62cb2186f_JaffaCakes118
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Privilege Escalation
Boot or Logon Autostart Execution: 1
Boot or Logon Initialization Scripts: 1
RC Scripts: 1
Defense Evasion
File and Directory Permissions Modification: 1
Linux and Mac File and Directory Permissions Modification: 1
Virtualization/Sandbox Evasion: 1
System Checks: 1