General
-
Target
f645cb31f1bff38648eb413644ae60f0_JaffaCakes118
-
Size
1.2MB
-
Sample
240925-sfs9fs1hml
-
MD5
f645cb31f1bff38648eb413644ae60f0
-
SHA1
5103449688c87bace93d3bdc10cd23058fa4d944
-
SHA256
efa3e5194615c903c081651d6741553dde31d306711857ae3af2ad8db7c40d1b
-
SHA512
1d51c13f6b4391aa88fc8754e16b7400c7ed1c8e86d53e0950df94afbd289b1187569aa42769f88fb7179fd2b186927fa2cb3a95cfe13244b64554a10abe56a8
-
SSDEEP
24576:e845rUHu6gVJKG75oFpA0VWDX4G2y1q2rJp0:7451RVJKGtSA0VWDoVu9p0
Malware Config
Targets
-
-
Target
f645cb31f1bff38648eb413644ae60f0_JaffaCakes118
-
Size
1.2MB
-
MD5
f645cb31f1bff38648eb413644ae60f0
-
SHA1
5103449688c87bace93d3bdc10cd23058fa4d944
-
SHA256
efa3e5194615c903c081651d6741553dde31d306711857ae3af2ad8db7c40d1b
-
SHA512
1d51c13f6b4391aa88fc8754e16b7400c7ed1c8e86d53e0950df94afbd289b1187569aa42769f88fb7179fd2b186927fa2cb3a95cfe13244b64554a10abe56a8
-
SSDEEP
24576:e845rUHu6gVJKG75oFpA0VWDX4G2y1q2rJp0:7451RVJKGtSA0VWDoVu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1