General
-
Target
ui7
-
Size
1.2MB
-
Sample
230824-zp39cafe36
-
MD5
0d1d824e590d41a2b7a5254a33279164
-
SHA1
4a980bddf11e3d0dd169a336f827d7215ab23a97
-
SHA256
4dbb359d6630359359c1ee80219f6a99fa20ae60cf8a30404f4747f87b50160e
-
SHA512
a9b0b22c419c885cdc2bf55cf0bdee592d4b33f548e02858d74552560e2274f2a2e145c12def44bcbdb9d583e18593023f9d259ee956d5301978be87f3c7acea
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4/2y1q2rJp0:745vRVJKGtSA0VWeo+u9p0
Behavioral task
behavioral1
Sample
ui7
Resource
ubuntu1804-amd64-20230712-en
Malware Config
Targets
-
-
Target
ui7
-
Score
10/10
-
MrBlack trojan
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information which indicates if the system is a virtual machine.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Writes file to user bin folder
-
Writes file to system bin folder
-