General

  • Target

    ff.elf

  • Size

    1.2MB

  • Sample

    240719-rezjeayckb

  • MD5

    8bd5139f9d5473e0c09c3cf4ba2b0271

  • SHA1

    045f769ebe934a36d4540eb70241e8f4ae9bbc22

  • SHA256

    f111237d031ac98043fab31936e5782073e6ac72b4d4e50d3b39d682702fda27

  • SHA512

    1dbf99c0315955dba1d515c113de0a0a511bfe28f769425706529f71fb5f356fe22d0579c2a1b3cf79a759f2537eb1cdaa44280e910df3771cb2281a6f5d1d9c

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4D2y1q2rJp0:745vRVJKGtSA0VWeoiu9p0

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
