General
-
Target
f17b36cfddb5242cb530ee6f62fd72ad_JaffaCakes118
-
Size
1.1MB
-
Sample
241215-az46ys1kbl
-
MD5
f17b36cfddb5242cb530ee6f62fd72ad
-
SHA1
1dad9668f72f681c865d058027d0eb474f920613
-
SHA256
a81f677c5e70b1031e5faddd50ba3492e6d536ce672fa17c173f916b88e45d46
-
SHA512
c0edc007a5030e95cc63467e5de00ba3152f3150dc9247850553fbf0542e2c6bf59543d6cca1e38dd8fdc490a2984d515a6d984e6d8833e64c90e07383d7fa16
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfamI+gIGYuuCol7r:4vREKfPqVE5jKsfamRHGVo7r
Malware Config
Targets
-
-
Target
f17b36cfddb5242cb530ee6f62fd72ad_JaffaCakes118
-
Size
1.1MB
-
MD5
f17b36cfddb5242cb530ee6f62fd72ad
-
SHA1
1dad9668f72f681c865d058027d0eb474f920613
-
SHA256
a81f677c5e70b1031e5faddd50ba3492e6d536ce672fa17c173f916b88e45d46
-
SHA512
c0edc007a5030e95cc63467e5de00ba3152f3150dc9247850553fbf0542e2c6bf59543d6cca1e38dd8fdc490a2984d515a6d984e6d8833e64c90e07383d7fa16
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfamI+gIGYuuCol7r:4vREKfPqVE5jKsfamRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Mrblack family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1