mrblack | ac9a1f9ad83c299ca554b7b812c1f06b77c0944b31674d2fa14a8cd9ce13276c | Triage

Submit
Reports

Overview

overview

Static

static

5907bf2669...e2cafc

ubuntu-18.04-amd64

Sharing

General

Target

5907bf266919b00c99cebb511de2cafc
Size

1.2MB
Sample

231219-3anf5adcaj
MD5

5907bf266919b00c99cebb511de2cafc
SHA1

291b031e300086f499e1f19ae96201f85a23dd6f
SHA256

ac9a1f9ad83c299ca554b7b812c1f06b77c0944b31674d2fa14a8cd9ce13276c
SHA512

10dc1c6d1176fad370dfe51f48d385d1b7170b4abfe0fe3406eedf7cd45db1112871cab51d3a153c658ff23b50d92976e11a1328ae9929020180265d1bce6c9e
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4L2y1q2rJp0:745vRVJKGtSA0VWeo6u9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5907bf266919b00c99cebb511de2cafc

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5907bf266919b00c99cebb511de2cafc
- Size
  
  1.2MB
- MD5
  
  5907bf266919b00c99cebb511de2cafc
- SHA1
  
  291b031e300086f499e1f19ae96201f85a23dd6f
- SHA256
  
  ac9a1f9ad83c299ca554b7b812c1f06b77c0944b31674d2fa14a8cd9ce13276c
- SHA512
  
  10dc1c6d1176fad370dfe51f48d385d1b7170b4abfe0fe3406eedf7cd45db1112871cab51d3a153c658ff23b50d92976e11a1328ae9929020180265d1bce6c9e
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4L2y1q2rJp0:745vRVJKGtSA0VWeo6u9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy