General
-
Target
47ed0c0fd311c7d7fb78bb65c066c157
-
Size
1.2MB
-
Sample
231219-24j55aadbn
-
MD5
47ed0c0fd311c7d7fb78bb65c066c157
-
SHA1
d5359246406863690ea95f29734a7ac3f187443f
-
SHA256
bbd6839074adea734213cc5e40a0dbb31c4c36df5a5bc1040757d6baec3f8415
-
SHA512
a4929ea6f2acdb2219ede3a8c07eb21ce4504950cc1cc1be91f274915802f0a8cee63d9ff7707ba0e194300a297887e1a891baf813088af00df0a3b9934e58f3
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4r2y1q2rJp0:745vRVJKGtSA0VWeoau9p0
Malware Config
Targets
-
-
Target
47ed0c0fd311c7d7fb78bb65c066c157
-
Size
1.2MB
-
MD5
47ed0c0fd311c7d7fb78bb65c066c157
-
SHA1
d5359246406863690ea95f29734a7ac3f187443f
-
SHA256
bbd6839074adea734213cc5e40a0dbb31c4c36df5a5bc1040757d6baec3f8415
-
SHA512
a4929ea6f2acdb2219ede3a8c07eb21ce4504950cc1cc1be91f274915802f0a8cee63d9ff7707ba0e194300a297887e1a891baf813088af00df0a3b9934e58f3
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4r2y1q2rJp0:745vRVJKGtSA0VWeoau9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-