General
-
Target
cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4.elf
-
Size
1.2MB
-
Sample
240220-gq3ebsda88
-
MD5
abc66fbc294358fb5ca8c4dd2f3e42cf
-
SHA1
a89a5999f2f6c37e1316f748767113b9b211cb3e
-
SHA256
cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4
-
SHA512
ac1e4b3e8190625e5a54ae078081b61e39f717c22392441f67590167f015598ba36c4a186889d715ca52cd727d2e140e98504bc70c203718e754a20e4c90f5af
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4g2y1q2rJp0:745vRVJKGtSA0VWeoXu9p0
Malware Config
Targets
-
-
Target
cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4.elf
-
Size
1.2MB
-
MD5
abc66fbc294358fb5ca8c4dd2f3e42cf
-
SHA1
a89a5999f2f6c37e1316f748767113b9b211cb3e
-
SHA256
cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4
-
SHA512
ac1e4b3e8190625e5a54ae078081b61e39f717c22392441f67590167f015598ba36c4a186889d715ca52cd727d2e140e98504bc70c203718e754a20e4c90f5af
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4g2y1q2rJp0:745vRVJKGtSA0VWeoXu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-