General
-
Target
f983e21c9cf1fbba6e12da9cb92561d4_JaffaCakes118
-
Size
1.2MB
-
Sample
240927-cl189azdpm
-
MD5
f983e21c9cf1fbba6e12da9cb92561d4
-
SHA1
869c977aff5ae9f729db7dcb310e0c157c7a7c71
-
SHA256
984050713ad29b2d8dcca0b9dfdee82d41bee59648d3ad4837bd399355481f06
-
SHA512
0613170df4143bedc30a5fe3af69f092eb197fa7f22425504dea364b22e070b8dd9185c2fa642c4bc356ca4e52e2f9e917cdd1ced56e448c89a82efd8ced962b
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4e2y1q2rJp0:745vRVJKGtSA0VWeodu9p0
Malware Config
Targets
-
-
Target
f983e21c9cf1fbba6e12da9cb92561d4_JaffaCakes118
-
Size
1.2MB
-
MD5
f983e21c9cf1fbba6e12da9cb92561d4
-
SHA1
869c977aff5ae9f729db7dcb310e0c157c7a7c71
-
SHA256
984050713ad29b2d8dcca0b9dfdee82d41bee59648d3ad4837bd399355481f06
-
SHA512
0613170df4143bedc30a5fe3af69f092eb197fa7f22425504dea364b22e070b8dd9185c2fa642c4bc356ca4e52e2f9e917cdd1ced56e448c89a82efd8ced962b
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4e2y1q2rJp0:745vRVJKGtSA0VWeodu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1