mrblack | 86649bf1aab2eaeccaea440c9deac499956e496512894b401d7a379344eed2de | Triage

Submit
Reports

Overview

overview

Static

static

631d198fd6...832fd2

ubuntu-18.04-amd64

Sharing

General

Target

631d198fd67c385a222564f5e6832fd2
Size

1.1MB
Sample

231219-3ecv7aehhl
MD5

631d198fd67c385a222564f5e6832fd2
SHA1

5b55edfd0db2b2b5301acca8d5ba1b0e6fc43e23
SHA256

86649bf1aab2eaeccaea440c9deac499956e496512894b401d7a379344eed2de
SHA512

461eb1528e12f492bf3eeef5188cb10e990e6d421f8633aa56805d67205f48b5c43e9a1a714bcad0e1ad2f2e8c9b5e743a5ccea43710728640f19088d8f5c546
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfayI+gIGYuuCol7r:4vREKfPqVE5jKsfayRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

631d198fd67c385a222564f5e6832fd2

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  631d198fd67c385a222564f5e6832fd2
- Size
  
  1.1MB
- MD5
  
  631d198fd67c385a222564f5e6832fd2
- SHA1
  
  5b55edfd0db2b2b5301acca8d5ba1b0e6fc43e23
- SHA256
  
  86649bf1aab2eaeccaea440c9deac499956e496512894b401d7a379344eed2de
- SHA512
  
  461eb1528e12f492bf3eeef5188cb10e990e6d421f8633aa56805d67205f48b5c43e9a1a714bcad0e1ad2f2e8c9b5e743a5ccea43710728640f19088d8f5c546
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfayI+gIGYuuCol7r:4vREKfPqVE5jKsfayRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy