General
-
Target
edd3f0a68945ff1f8dd6df454d837e2b_JaffaCakes118
-
Size
1.2MB
-
Sample
240920-r8l56ssarh
-
MD5
edd3f0a68945ff1f8dd6df454d837e2b
-
SHA1
2b1f756d1f5b1723df6872d5727bf55f94c7aba9
-
SHA256
b9d1294e0dbaf0a397f18b28a09ade1e16e934d979fc0f0cabddb37fc25f219a
-
SHA512
f7d234d9494272e003cb986c30b2a96184a73c1f4c969738ddd635e1cc25d30b8ce39e6a465a9e23eeba82285f163f76eb68045780a646a3ae2112d074846bb6
-
SSDEEP
24576:e845rlHu6gVJKG75oFpA0VWfX4G2y1q2rJp0:745wRVJKGtSA0VWfoVu9p0
Behavioral task
behavioral1
Sample
edd3f0a68945ff1f8dd6df454d837e2b_JaffaCakes118
Resource
ubuntu1804-amd64-20240729-en
Malware Config
Targets
-
-
Target
edd3f0a68945ff1f8dd6df454d837e2b_JaffaCakes118
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Boot or Logon Initialization Scripts (1)
RC Scripts (1)
Defense Evasion
File and Directory Permissions Modification (1)
Linux and Mac File and Directory Permissions Modification (1)
Virtualization/Sandbox Evasion (1)
System Checks (1)