mrblack | cb6a490f34f400137bf9a0c1507b5db717b6cc3c526368d538c783c98315cfcd | Triage

Submit
Reports

Overview

overview

Static

static

2980c9ba79...7f59c4

ubuntu-18.04-amd64

Sharing

General

Target

2980c9ba79ca51b516ba6445bc7f59c4
Size

1.2MB
Sample

231219-2q8assgec6
MD5

2980c9ba79ca51b516ba6445bc7f59c4
SHA1

0de1f4a62d41572ab4ab05f2ecfdf691fc8565cb
SHA256

cb6a490f34f400137bf9a0c1507b5db717b6cc3c526368d538c783c98315cfcd
SHA512

b738e34b72ba545d6680af77b9e2c2731252f39d578a6d31ccec02da0dd4609b190b9951f68cab3b222f1ca8339844103e0249852a37102b1ca11b573b3d69fa
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4O2y1q2rJp0:745vRVJKGtSA0VWeotu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2980c9ba79ca51b516ba6445bc7f59c4

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2980c9ba79ca51b516ba6445bc7f59c4
- Size
  
  1.2MB
- MD5
  
  2980c9ba79ca51b516ba6445bc7f59c4
- SHA1
  
  0de1f4a62d41572ab4ab05f2ecfdf691fc8565cb
- SHA256
  
  cb6a490f34f400137bf9a0c1507b5db717b6cc3c526368d538c783c98315cfcd
- SHA512
  
  b738e34b72ba545d6680af77b9e2c2731252f39d578a6d31ccec02da0dd4609b190b9951f68cab3b222f1ca8339844103e0249852a37102b1ca11b573b3d69fa
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4O2y1q2rJp0:745vRVJKGtSA0VWeotu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy