General
-
Target
d6e5833b5fd732ac2ba017b1a6d34d77
-
Size
1.2MB
-
Sample
231222-spnqbsagd9
-
MD5
d6e5833b5fd732ac2ba017b1a6d34d77
-
SHA1
77a31f0c1fdc7548c20e034c1761515a47a56a79
-
SHA256
856452857b500cca80879789377b60a6721cfe065f1f254a929d06f731eccca0
-
SHA512
1109c33635df4c76b3f56cad57fabfd5994d63e88f69533afe1aaa61d80a568dcdcfddda9cf0e763280427cadddaf2bc62d42162d0bcc2c7ba2a5cf1f4cfcf8a
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWIX4h2y1q2rJp0:745vRVJKGtSA0VWIo4u9p0
Malware Config
Targets
-
-
Target
d6e5833b5fd732ac2ba017b1a6d34d77
-
Size
1.2MB
-
MD5
d6e5833b5fd732ac2ba017b1a6d34d77
-
SHA1
77a31f0c1fdc7548c20e034c1761515a47a56a79
-
SHA256
856452857b500cca80879789377b60a6721cfe065f1f254a929d06f731eccca0
-
SHA512
1109c33635df4c76b3f56cad57fabfd5994d63e88f69533afe1aaa61d80a568dcdcfddda9cf0e763280427cadddaf2bc62d42162d0bcc2c7ba2a5cf1f4cfcf8a
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWIX4h2y1q2rJp0:745vRVJKGtSA0VWIo4u9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-