General

  • Target

    5ebc7f88cc268c854aaa9f388b67502d

  • Size

    1.2MB

  • Sample

    231219-3crxbsecap

  • MD5

    5ebc7f88cc268c854aaa9f388b67502d

  • SHA1

    c647cfb4eb6395a4872068508f559ff80a6d3180

  • SHA256

    cf83ec2b11b126e9d552d81a0611add9e3012f792f15f18a738b084a55db6a77

  • SHA512

    a2ecd3aa7d9532cd3186719774860e417fc2f285076ad87f161efc31f41306e10f6d70fca6c7e480e8ab345e723fc04921fcf7b6ee6c58a65156adcfecc52a06

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4q2y1q2rJp0:745vRVJKGtSA0VWeoJu9p0

Targets

    • Target

      5ebc7f88cc268c854aaa9f388b67502d

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicates if the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Writes file to user bin folder

    • Writes file to system bin folder
