General
-
Target
ff5e84897e3bf9df890972e0b222c3cd_JaffaCakes118
-
Size
1.1MB
-
Sample
240929-1hzs1swble
-
MD5
ff5e84897e3bf9df890972e0b222c3cd
-
SHA1
77a937ecf2b0fbf34a3427758653c0671c33393a
-
SHA256
caa57c5014f455447a880d1f9553845a81d39e3edc1ac5b8ba4254018fb81062
-
SHA512
9bb766f87208417387c67a58277031453734334667dcf2ced68d4cf35bb062b18b6df701fd9beab5b07476eea68ff6490cf279e88cb02e8b2951a5e0eb16f786
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfa5I+gIGYuuCol7r:4vREKfPqVE5jKsfa5RHGVo7r
Malware Config
Targets
-
-
Target
ff5e84897e3bf9df890972e0b222c3cd_JaffaCakes118
-
Size
1.1MB
-
MD5
ff5e84897e3bf9df890972e0b222c3cd
-
SHA1
77a937ecf2b0fbf34a3427758653c0671c33393a
-
SHA256
caa57c5014f455447a880d1f9553845a81d39e3edc1ac5b8ba4254018fb81062
-
SHA512
9bb766f87208417387c67a58277031453734334667dcf2ced68d4cf35bb062b18b6df701fd9beab5b07476eea68ff6490cf279e88cb02e8b2951a5e0eb16f786
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfa5I+gIGYuuCol7r:4vREKfPqVE5jKsfa5RHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1