mrblack | 709d04dd39dd7f214f3711f7795337fbb1c2e837dddd24e6d426a0d6c306618e | Triage

Submit
Reports

Overview

overview

Static

static

011fb10d03...c1e726

ubuntu-18.04-amd64

Sharing

General

Target

011fb10d031cdc8ea1242ed91dc1e726
Size

1.2MB
Sample

231219-19yp2ahge3
MD5

011fb10d031cdc8ea1242ed91dc1e726
SHA1

514ce6f5a6c9d6879f612c360bbe97cd2af9904b
SHA256

709d04dd39dd7f214f3711f7795337fbb1c2e837dddd24e6d426a0d6c306618e
SHA512

0edea1a6f78ccf7c8fb5feffa0d0a10380f35083a56f3a53a5ad1ab620c22c5141b11050aa046390fe5519177d46766e5797d72b2f3423aeae5782fa45e2ba24
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWIX4L2y1q2rJp0:745vRVJKGtSA0VWIo6u9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

011fb10d031cdc8ea1242ed91dc1e726

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  011fb10d031cdc8ea1242ed91dc1e726
- Size
  
  1.2MB
- MD5
  
  011fb10d031cdc8ea1242ed91dc1e726
- SHA1
  
  514ce6f5a6c9d6879f612c360bbe97cd2af9904b
- SHA256
  
  709d04dd39dd7f214f3711f7795337fbb1c2e837dddd24e6d426a0d6c306618e
- SHA512
  
  0edea1a6f78ccf7c8fb5feffa0d0a10380f35083a56f3a53a5ad1ab620c22c5141b11050aa046390fe5519177d46766e5797d72b2f3423aeae5782fa45e2ba24
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWIX4L2y1q2rJp0:745vRVJKGtSA0VWIo6u9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy