Overview

overview

10

Static

static

10

46423f9b42...26002e

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    46423f9b422edbc8a2344dd51f26002e

  • Size

    1.2MB

  • Sample

    240106-pyyecagefl

  • MD5

    46423f9b422edbc8a2344dd51f26002e

  • SHA1

    bd25ed9f40e75596ee669a31b4a9f8d21245e599

  • SHA256

    6f287b2af52d9f2d88ef66724eff9b320c0c60d93ab4c813ab4b89c2b56be7ef

  • SHA512

    722c388257700e4c19619b77ad54c7837083df4cf8241b4044b90d222a2ae114323211fcf05a1d42a4920384e27d3aecbf8c008822e6f223c59ed7c6136c5711

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4y2y1q2rJp0:745vRVJKGtSA0VWIoBu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      46423f9b422edbc8a2344dd51f26002e

    • Size

      1.2MB

    • MD5

      46423f9b422edbc8a2344dd51f26002e

    • SHA1

      bd25ed9f40e75596ee669a31b4a9f8d21245e599

    • SHA256

      6f287b2af52d9f2d88ef66724eff9b320c0c60d93ab4c813ab4b89c2b56be7ef

    • SHA512

      722c388257700e4c19619b77ad54c7837083df4cf8241b4044b90d222a2ae114323211fcf05a1d42a4920384e27d3aecbf8c008822e6f223c59ed7c6136c5711

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWIX4y2y1q2rJp0:745vRVJKGtSA0VWIoBu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks