General

  • Target

    f57f99f56834d73211bac97f4ec2dc5c.bin

  • Size

    434KB

  • Sample

    240506-cflllsgd43

  • MD5

    7e1f052db4ab977291fde60e574a3f8c

  • SHA1

    815b9bb6b83dd80dd5bcf13c548b45d0fb26deb5

  • SHA256

    0e8b7406cefebfc76b5ca5b48c77e88bbaea2aaef89fbf947f164d017ff15743

  • SHA512

    e1445e80e8e0645646288f10f0c9819eb93ff5995a15c3c6368e48ee2422a45147c991bb4a8d4fbdf2e32395160901475b7543c14973697ad1483b2048c2d4cd

  • SSDEEP

    6144:+AKqQAGK3MGMVh2b90vq1xAN3hqoktNx05FtvQiEBEKV+f3UoHFQPMj:+7Al3MGeA22AFOxsFWA3UoHF6Mj

Malware Config

Targets

    • Target

      a7d548bcb9a58a58b5dfb9f059b302131fc0107a094f1fbb53c7d525b9327b60.elf

    • Size

      1.1MB

    • MD5

      f57f99f56834d73211bac97f4ec2dc5c

    • SHA1

      314fff2c301fb120ce100e812e3ef4b31580551d

    • SHA256

      a7d548bcb9a58a58b5dfb9f059b302131fc0107a094f1fbb53c7d525b9327b60

    • SHA512

      c2785a0b3231ccd5c217f6ec38aa8ca3ece2cc3a3364a3271582ba49cf9ac8a5dfd163765c6284ba72c9bd4e711cc059ba328e6a7ad0b1adeb7e85447b9350a8

    • SSDEEP

      24576:4vRE7caCfKGPqVEDNLFxKsfa1I+gIGYuuCol7r:4vREKfPqVE5jKsfa1RHGVo7r

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks