General
-
Target
65533.exe.elf
-
Size
1.2MB
-
Sample
240319-tng2tsgb66
-
MD5
5ac9924723ee51a34999132cbd369213
-
SHA1
8bb17a17dc4a7885978c0161d7be2b0274a42466
-
SHA256
be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291
-
SHA512
f0d1a0ca422c99b37c286b8d6b7b15ad48c6fc0991974623dfbe9c580499e868d36c771aa2d57b1784d515c4cc5524e846e20f5b252f6079b6f71c35c8ae389a
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4R2y1q2rJp0:745vRVJKGtSA0VWeoIu9p0
Malware Config
Targets
-
-
Target
65533.exe.elf
-
Size
1.2MB
-
MD5
5ac9924723ee51a34999132cbd369213
-
SHA1
8bb17a17dc4a7885978c0161d7be2b0274a42466
-
SHA256
be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291
-
SHA512
f0d1a0ca422c99b37c286b8d6b7b15ad48c6fc0991974623dfbe9c580499e868d36c771aa2d57b1784d515c4cc5524e846e20f5b252f6079b6f71c35c8ae389a
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX4R2y1q2rJp0:745vRVJKGtSA0VWeoIu9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Executes dropped EXE
-
Checks CPU configuration
Checks CPU information which indicate if the system is a virtual machine.
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-