General

  • Target

    36727e67ce64f5f4d2dac15243fe0441

  • Size

    1.1MB

  • Sample

    231219-2w5rvsfdek

  • MD5

    36727e67ce64f5f4d2dac15243fe0441

  • SHA1

    3b62c76ced3d1fd2f1f3d3361de93eef24a54339

  • SHA256

    fb75e95f63092c88f7c9d880129f1cea8bfc00e200ed31bc1c78746b08a5b19e

  • SHA512

    dfe1d0ee4176e852cb49afbc7223c815ea0c7c8efe5f1802085ecf5b223bfd537c8a98845515bf1b70ffa9e6d2cd1b1a43fc66b9ebfa523b0b9bff925aa51fae

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfa0I+gIGYuuCol7r:4vREKfPqVE5jKsfa0RHGVo7r

Malware Config

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information, which can indicate whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
