General
-
Target
a7d548bcb9a58a58b5dfb9f059b302131fc0107a094f1fbb53c7d525b9327b60
-
Size
1.1MB
-
Sample
241125-w3q96awqcl
-
MD5
f57f99f56834d73211bac97f4ec2dc5c
-
SHA1
314fff2c301fb120ce100e812e3ef4b31580551d
-
SHA256
a7d548bcb9a58a58b5dfb9f059b302131fc0107a094f1fbb53c7d525b9327b60
-
SHA512
c2785a0b3231ccd5c217f6ec38aa8ca3ece2cc3a3364a3271582ba49cf9ac8a5dfd163765c6284ba72c9bd4e711cc059ba328e6a7ad0b1adeb7e85447b9350a8
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfa1I+gIGYuuCol7r:4vREKfPqVE5jKsfa1RHGVo7r
Malware Config
Targets
-
-
Target
a7d548bcb9a58a58b5dfb9f059b302131fc0107a094f1fbb53c7d525b9327b60
-
Size
1.1MB
-
MD5
f57f99f56834d73211bac97f4ec2dc5c
-
SHA1
314fff2c301fb120ce100e812e3ef4b31580551d
-
SHA256
a7d548bcb9a58a58b5dfb9f059b302131fc0107a094f1fbb53c7d525b9327b60
-
SHA512
c2785a0b3231ccd5c217f6ec38aa8ca3ece2cc3a3364a3271582ba49cf9ac8a5dfd163765c6284ba72c9bd4e711cc059ba328e6a7ad0b1adeb7e85447b9350a8
-
SSDEEP
24576:4vRE7caCfKGPqVEDNLFxKsfa1I+gIGYuuCol7r:4vREKfPqVE5jKsfa1RHGVo7r
Score10/10-
MrBlack Trojan
IoT botnet which infects routers to be used for DDoS attacks.
-
MrBlack trojan
-
Mrblack family
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Write file to user bin folder
-
Writes file to system bin folder
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Privilege Escalation
Boot or Logon Autostart Execution
1Boot or Logon Initialization Scripts
1RC Scripts
1Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Virtualization/Sandbox Evasion
1System Checks
1