General
-
Target
490eb7a7e1e1ed361801e18128206ab9
-
Size
1.2MB
-
Sample
241018-jtsqeaycjq
-
MD5
490eb7a7e1e1ed361801e18128206ab9
-
SHA1
ed40d1d0313b032b5cf12ed43fbf01e3d4a83bbe
-
SHA256
29f2a7e4500ae2f34dd7b62d6616e2de3ca89d5c87b1e76184f2e4ab52e002f5
-
SHA512
605fc001e7cc8cfe1346e9e0cd2ad544b0834d49b3023d4ab58bf574d53cc52ce5d0e853a8e4acadffd948bed1f7ec936cf919a714a2fa91e163d546325d8fd8
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX462y1q2rJp0:745vRVJKGtSA0VWeo5u9p0
Malware Config
Targets
-
-
Target
490eb7a7e1e1ed361801e18128206ab9
-
Size
1.2MB
-
MD5
490eb7a7e1e1ed361801e18128206ab9
-
SHA1
ed40d1d0313b032b5cf12ed43fbf01e3d4a83bbe
-
SHA256
29f2a7e4500ae2f34dd7b62d6616e2de3ca89d5c87b1e76184f2e4ab52e002f5
-
SHA512
605fc001e7cc8cfe1346e9e0cd2ad544b0834d49b3023d4ab58bf574d53cc52ce5d0e853a8e4acadffd948bed1f7ec936cf919a714a2fa91e163d546325d8fd8
-
SSDEEP
24576:e845rGHu6gVJKG75oFpA0VWeX462y1q2rJp0:745vRVJKGtSA0VWeo5u9p0
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1