Overview

overview

10

Static

static

10

cfaaf70ca3...e4.elf

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    abc66fbc294358fb5ca8c4dd2f3e42cf.bin

  • Size

    456KB

  • Sample

    240221-erzzgsbg76

  • MD5

    23c16c08d9e32eb9b889705688b1c971

  • SHA1

    0bc1eb4d3c78c1160dd6ffc7caa8f6622fd319f8

  • SHA256

    3508b8ab5630e746336bf7c184689b9d102c84c23c440c10d06f22bb91f2c60a

  • SHA512

    38cec744a776036b133c67058f71aa5d9576e82e448bd6f9467347032521f56e3163d167b76b93b9a880f9a40c55cd368d380b5444a29732a6a68dbbcad669e8

  • SSDEEP

    12288:8C0ySnWqXattZKh1U6HYhdrVaAmFUbW1MC9ztR:wnWqXoKh1U64hPaA+U61M6b

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4.elf

    • Size

      1.2MB

    • MD5

      abc66fbc294358fb5ca8c4dd2f3e42cf

    • SHA1

      a89a5999f2f6c37e1316f748767113b9b211cb3e

    • SHA256

      cfaaf70ca32d5ff133378cc0cfdc0cd5f27d91abf6853404df57208a8a7d3de4

    • SHA512

      ac1e4b3e8190625e5a54ae078081b61e39f717c22392441f67590167f015598ba36c4a186889d715ca52cd727d2e140e98504bc70c203718e754a20e4c90f5af

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4g2y1q2rJp0:745vRVJKGtSA0VWeoXu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks