General
-
Target
e97790c1200e6d5c8f4eed64f1736a5d
-
Size
1.1MB
-
Sample
231222-tlrhgsgcf8
-
MD5
e97790c1200e6d5c8f4eed64f1736a5d
-
SHA1
8df8579b3303221b0aa9955f0e11ab6d24525a1a
-
SHA256
e27571a89dfbb256bdf2aa7ff0a062bd10bd712c46d7ddc045a8ac85c4903c2f
-
SHA512
0cb76a4ac2c5787282f31bed1a0a2599258d85890d60cc6a1538548f304b56668840295b99d862a721baa3309e7dc3366b2dbd2819ed39900cc2165dc23a7f70
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfazI+gIGYuuCol7r:4vREKfPqVE5jKsfazRHGVo7r
Malware Config
Targets
-
-
Target
e97790c1200e6d5c8f4eed64f1736a5d
-
Size
1.1MB
-
MD5
e97790c1200e6d5c8f4eed64f1736a5d
-
SHA1
8df8579b3303221b0aa9955f0e11ab6d24525a1a
-
SHA256
e27571a89dfbb256bdf2aa7ff0a062bd10bd712c46d7ddc045a8ac85c4903c2f
-
SHA512
0cb76a4ac2c5787282f31bed1a0a2599258d85890d60cc6a1538548f304b56668840295b99d862a721baa3309e7dc3366b2dbd2819ed39900cc2165dc23a7f70
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfazI+gIGYuuCol7r:4vREKfPqVE5jKsfazRHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-