General
-
Target
ecd85f48177089d1e7672cf04d91b8ec_JaffaCakes118
-
Size
1.1MB
-
Sample
240920-e4y8qaydld
-
MD5
ecd85f48177089d1e7672cf04d91b8ec
-
SHA1
1de79f6fd9322ce3a3716e24bda666a7b97ed293
-
SHA256
13b31c857ca874127126dc16929e7a281f97d2dc84650fb5898bd41572efc7a8
-
SHA512
5de0f0aebd0b9daaa06cc2cd1773bb6fe39f5dc1d7d58f423b77d73a966575cc70958275aee8ccbbadfcd07841e99b92d6d84c5fc4a7864a6af5c23e4750ca0c
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaJI+gIGYuuCol7r:4vREKfPqVE5jKsfaJRHGVo7r
Malware Config
Targets
-
-
Target
ecd85f48177089d1e7672cf04d91b8ec_JaffaCakes118
-
Size
1.1MB
-
MD5
ecd85f48177089d1e7672cf04d91b8ec
-
SHA1
1de79f6fd9322ce3a3716e24bda666a7b97ed293
-
SHA256
13b31c857ca874127126dc16929e7a281f97d2dc84650fb5898bd41572efc7a8
-
SHA512
5de0f0aebd0b9daaa06cc2cd1773bb6fe39f5dc1d7d58f423b77d73a966575cc70958275aee8ccbbadfcd07841e99b92d6d84c5fc4a7864a6af5c23e4750ca0c
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaJI+gIGYuuCol7r:4vREKfPqVE5jKsfaJRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1