General

  • Target

    489566ae52ff7d91debde176382bc81523bad6bad4b8d1f814576e932d498907.elf

  • Size

    1.2MB

  • Sample

    240723-ceyvjs1hml

  • MD5

    db0533432eb1071c80086e843a2010ec

  • SHA1

    f77840fb1fe66b251b8327544bd52f9dd55b32cc

  • SHA256

    489566ae52ff7d91debde176382bc81523bad6bad4b8d1f814576e932d498907

  • SHA512

    58690d8d6f99f6b30f199b9ec7ce6ee2ec210992fe2b6f159d4c7c45baba772c717d9b771e033b1a65c9ea0a4d66cf10c7d70a783d964fc837d8c556793099e8

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4F2y1q2rJp0:745vRVJKGtSA0VWeosu9p0

Targets

    • Target

      489566ae52ff7d91debde176382bc81523bad6bad4b8d1f814576e932d498907.elf

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
