General
-
Target
fc7157213488275cdd9b82b59ab15657_JaffaCakes118
-
Size
1.1MB
-
Sample
240928-q9lqcssaqc
-
MD5
fc7157213488275cdd9b82b59ab15657
-
SHA1
3c0b0b4b4408adc8022e96ae83daf38da01dd9fa
-
SHA256
5803553052a81f6a0a7c79fafd26be7a0a23c01bf3d1d53fc9cf6360e73ae03b
-
SHA512
b77568dd49d00c866c1a9abd2a2b0de489471676f9dd062fadf44f62a420eedefd0a1d0ef584570d59b4a488a3c65c41e766c8a7f83852a6c4c61ae626cded6a
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaQI+gIGYuuCol7r:4vREKfPqVE5jKsfaQRHGVo7r
Malware Config
Targets
-
-
Target
fc7157213488275cdd9b82b59ab15657_JaffaCakes118
-
Size
1.1MB
-
MD5
fc7157213488275cdd9b82b59ab15657
-
SHA1
3c0b0b4b4408adc8022e96ae83daf38da01dd9fa
-
SHA256
5803553052a81f6a0a7c79fafd26be7a0a23c01bf3d1d53fc9cf6360e73ae03b
-
SHA512
b77568dd49d00c866c1a9abd2a2b0de489471676f9dd062fadf44f62a420eedefd0a1d0ef584570d59b4a488a3c65c41e766c8a7f83852a6c4c61ae626cded6a
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfaQI+gIGYuuCol7r:4vREKfPqVE5jKsfaQRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1