General
-
Target
fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
-
Size
1.1MB
-
Sample
240928-a59cvszhrb
-
MD5
fb32d9ed9ec428e273d020411369c13a
-
SHA1
cfee07acf58b774744494ef911bd0e0949e57bfc
-
SHA256
7d4529ae3fde5d8d91f90478708350497c859f9db88ce401c8eb40c9d1bd57a6
-
SHA512
59ece367cf98b1577b412f40055a988f8c3281c8e6072ed45743760dac487ccdf83b2f947d1f70032ac173014896b56bc98038945f02b6751ac28aa534a8943f
-
SSDEEP
24576:lzdjjEQBCRwTvlSg+Z0cDCFXtuTPE/dl0rUmQLNwy0R:lZjEEFLEg+Z0wutuTPE1l0rU5d0R
Malware Config
Targets
-
-
Target
fb32d9ed9ec428e273d020411369c13a_JaffaCakes118
-
Size
1.1MB
-
MD5
fb32d9ed9ec428e273d020411369c13a
-
SHA1
cfee07acf58b774744494ef911bd0e0949e57bfc
-
SHA256
7d4529ae3fde5d8d91f90478708350497c859f9db88ce401c8eb40c9d1bd57a6
-
SHA512
59ece367cf98b1577b412f40055a988f8c3281c8e6072ed45743760dac487ccdf83b2f947d1f70032ac173014896b56bc98038945f02b6751ac28aa534a8943f
-
SSDEEP
24576:lzdjjEQBCRwTvlSg+Z0cDCFXtuTPE/dl0rUmQLNwy0R:lZjEEFLEg+Z0wutuTPE1l0rU5d0R
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1