General
-
Target
f873fa69d444a4c32e36c5c228486052_JaffaCakes118
-
Size
1.2MB
-
Sample
240926-qjm6hayfpq
-
MD5
f873fa69d444a4c32e36c5c228486052
-
SHA1
6bb5f8a69d04ea08d43792b2bf8ea5e1f6858ae3
-
SHA256
a8754cac6d8ff294ac4c8b39e6efcb8b05d6e18f12c839ca3e93e98067ae4379
-
SHA512
5bffb43982c9ce8c7ba5d4f174c569b97be04c6c96e406e026158ba31d40b79e1c81074080eee7fecfb7c265152dca68651b8da47e5d0a1ef874a7f990402a41
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4P2y1q2rJp0:745vRVJKGtSA0VWeouu9p0
Malware Config
Targets
-
-
Target
f873fa69d444a4c32e36c5c228486052_JaffaCakes118
-
Size
1.2MB
-
MD5
f873fa69d444a4c32e36c5c228486052
-
SHA1
6bb5f8a69d04ea08d43792b2bf8ea5e1f6858ae3
-
SHA256
a8754cac6d8ff294ac4c8b39e6efcb8b05d6e18f12c839ca3e93e98067ae4379
-
SHA512
5bffb43982c9ce8c7ba5d4f174c569b97be04c6c96e406e026158ba31d40b79e1c81074080eee7fecfb7c265152dca68651b8da47e5d0a1ef874a7f990402a41
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4P2y1q2rJp0:745vRVJKGtSA0VWeouu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1