Overview

overview

10

Static

static

10

d8d522f2f7...58.elf

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2264f9e9ec3736a89b2cdf9a926c70ee.bin

  • Size

    456KB

  • Sample

    240221-by33yahf68

  • MD5

    061b4f785a0b82d1b4aa6fefc2878a69

  • SHA1

    e9bc9fb1efc16775fbb32819e2a841515062127d

  • SHA256

    8a7ba745053dfffc5c28ebebb6ce98a9b615d501cdaae92be9be2a9e00ca92e0

  • SHA512

    46a77dde99407a2df07c9ca30b8dc8c5d778c44cff6ccc29344f943598e4870b74f8a79f91526f632c8ee044c021b34c5b29c5c388ca3c83c92a07167cf8482c

  • SSDEEP

    12288:y66o/r1FuiSl2fxg0kYQVz8uMvjnv0iiCsw2O:y5o/Putsxg0kvVzvMz0iifO

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      d8d522f2f72de16a235c17b6d32bad930d2a21a8c2664a76880c9b4b53ec1b58.elf

    • Size

      1.2MB

    • MD5

      2264f9e9ec3736a89b2cdf9a926c70ee

    • SHA1

      69684148423e3540f4f8c7bc787d102ea7b84db5

    • SHA256

      d8d522f2f72de16a235c17b6d32bad930d2a21a8c2664a76880c9b4b53ec1b58

    • SHA512

      39b6f2d778ce3c8832cfe13231edcc0a824c1f19aa6da5168cffd384edaaa033c75af87788ebc46087fbbe7b76d43b1c1f575d0b750d8e709616a903420d5461

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4c2y1q2rJp0:745vRVJKGtSA0VWeoTu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks