Found a usb payload

[Garet]

Hello all,

I work IT for a school district and one of my staff found this on the ground outside. Luckily I got to them before they had plugged it into anything. I have a test VM bench that I plugged this device into (not connected to inet) and it appears to run a script of some kind. I've never seen a usb payload quite like this one. Doesn't appear to have an SD card like the rubber duck. Do any of you know what type of usb payload this is and how I might find out what is on it ? It only appears to have a switch on it. 

 

https://ibb.co/kXrXHXB
https://ibb.co/pzWF5RT

 

 

[barry99705]

You really expect people to click on those links?  That's funny.

[user14414]

The "ON" vs "1" switch looks really interesting though

[user14414]

Manufacturer documentation codes seems to be written on one side of the logic board. Try typing those into google, you just might get the description of the hardware. If you work in a school (at least that's what I understood) i suspect one of the kids figured out it would be nice to have a keylogger on teacher's laptop. Let us know if you find anything interesting 

[e1337r0x0r]

Looks like the Malduino lite 

 

[e1337r0x0r]

you should post the payload and not just pics if you want some kind of help.

[Garet]

On 4/27/2019 at 11:17 AM, barry99705 said:

You really expect people to click on those links?  That's funny.

Sorry no where to attach the pic on here that I could see

 

On 4/28/2019 at 7:49 AM, e1337r0x0r said:

Looks like the Malduino lite 

 

Thank you. I will look into this a bit more. Thank you for taking the time to respond with the video. 

[Garet]

So e1337r0x0r you were spot on with it being a malduino lite, however doesn't seem to behave like the usb rubber duck that i have. No SD card, further read of the website indicates scripts are saved on the onboard 32kb chip. Do you guys think there is any way to read what's on it ? Or are we SOL. 

[barry99705]

2 hours ago, Garet said:

So e1337r0x0r you were spot on with it being a malduino lite, however doesn't seem to behave like the usb rubber duck that i have. No SD card, further read of the website indicates scripts are saved on the onboard 32kb chip. Do you guys think there is any way to read what's on it ? Or are we SOL. 

https://forum.arduino.cc/index.php?topic=403201.0

Doubtful.  They'll compiled, so not human readable anymore.  What about just plugging it into a disposable laptop?

[e1337r0x0r]

Try using arduino IDE to connect to the device  Arduino/Genuino Micro. You may only be able to load sketches but you might also be able to recover the current save state.

[e1337r0x0r]

make sure you have to switch in the off position before you put it in your pc.

[Cap_Sig]

@Garet Probably the best you can do is get the hex from it.  Just depends what programming software was used to upload originally.  

On 4/29/2019 at 3:05 PM, barry99705 said:

What about just plugging it into a disposable laptop?

I would give this a try as well.  Or any isolated system really.

[Garet]

Did that. Nothing of any consequence.. Looked as though an attempt was made to run a script from an external website as that was the only line that happened in command prompt. Accessing the link yielded no results. Second line appears it was going to copy a file locally to a directory that regular users don't have access over so they would've needed either my or one of the other admin accounts credentials. Anways thank you everyone for the responses it is much appreciated. 

[INFOTRACE]

On 4/29/2019 at 6:04 PM, Garet said:

Sorry no where to attach the pic on here that I could see

 

Thank you. I will look into this a bit more. Thank you for taking the time to respond with the video. 

Great video and Great products. Easy to setup and easily deployable, just one minor bugbear, it stands out like a soar thumb.......as it doesn't come with a protective case (either of them). Apart from that you can run most scripts and can grab data in literally seconds. So, even without the case (mentioned to the chap who does this) it is still a good piece to have in your field kit IMO 😎

[Cap_Sig]

11 hours ago, INFOTRACE said:

it stands out like a soar thumb.......as it doesn't come with a protective case

I think there are some 3D printable cases around the web.  Worth a search if you have access to a 3D printer.

[INFOTRACE]

On 11/1/2019 at 1:01 AM, Cap_Sig said:

I think there are some 3D printable cases around the web.  Worth a search if you have access to a 3D printer.

Yes buddy, checked them out, but one thing prevents me from doing that.........I don't have a 3D printer (yet). 😜

Never managed to work out which one was worth purchasing 🤓

As always, thank you for your response, which at least by me are all greatly appreciated😎

[Cap_Sig]

1 hour ago, INFOTRACE said:

Never managed to work out which one was worth purchasing 🤓

Understandable.  There are so many options in the market now it's hard to decide.  Especially if you are new to it all.  If you do make the jump and get one my advice is start with a must have features list to help narrow down the search.  All printers have good and bad reviews but that doesn't always reflect the quality of the printer. 

[INFOTRACE]

On 11/3/2019 at 11:58 AM, Cap_Sig said:

Understandable.  There are so many options in the market now it's hard to decide.  Especially if you are new to it all.  If you do make the jump and get one my advice is start with a must have features list to help narrow down the search.  All printers have good and bad reviews but that doesn't always reflect the quality of the printer. 

Thanks fella........great advice as always....😎