General
-
Target
abc66fbc294358fb5ca8c4dd2f3e42cf.bin
-
Size
456KB
-
Sample
240221-erzzgsbg76
-
MD5
23c16c08d9e32eb9b889705688b1c971
-
SHA1
0bc1eb4d3c78c1160dd6ffc7caa8f6622fd319f8
-
SHA256
3508b8ab5630e746336bf7c184689b9d102c84c23c440c10d06f22bb91f2c60a
-
SHA512
38cec744a776036b133c67058f71aa5d9576e82e448bd6f9467347032521f56e3163d167b76b93b9a880f9a40c55cd368d380b5444a29732a6a68dbbcad669e8
-
SSDEEP
12288:8C0ySnWqXattZKh1U6HYhdrVaAmFUbW1MC9ztR:wnWqXoKh1U64hPaA+U61M6b
Malware Config
Targets
-
-
Target
cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4.elf
-
Size
1.2MB
-
MD5
abc66fbc294358fb5ca8c4dd2f3e42cf
-
SHA1
a89a5999f2f6c37e1316f748767113b9b211cb3e
-
SHA256
cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4
-
SHA512
ac1e4b3e8190625e5a54ae078081b61e39f717c22392441f67590167f015598ba36c4a186889d715ca52cd727d2e140e98504bc70c203718e754a20e4c90f5af
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4g2y1q2rJp0:745vRVJKGtSA0VWeoXu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-