General

  • Target

    45ea54c012452bacdec3954c06d472b1

  • Size

    1.1MB

  • Sample

    231219-23tm6saadr

  • MD5

    45ea54c012452bacdec3954c06d472b1

  • SHA1

    1f4ff076f09b74f660a6b83f6c0feb20d865266a

  • SHA256

    21ddba24a874c5afa2637a3644eaf14100c5fd9c87b4e51e2f4e65e7da69130c

  • SHA512

    3b82c81f75e89e26e6c11f0caa3983ad94268f463d301e9686d098bf0870d929c94a63da6fab579cb055f3223a733c4ab45e083cd33baf730b922aba412c336d

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfawI+gIGYuuCol7r:4vREKfPqVE5jKsfawRHGVo7r

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information, which can indicate whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
