General

  • Target

    6804388299c7e8c180b12e0b1df87f2f

  • Size

    1.2MB

  • Sample

    231219-3f6jwsfghp

  • MD5

    6804388299c7e8c180b12e0b1df87f2f

  • SHA1

    ad124860ac8818fb233c52a857b6c9ebc30ab907

  • SHA256

    94446b21459c1d0186789135ba357c0be88e4022eaddefb80d900ae0f97f04b1

  • SHA512

    ddc6f59c6fbbef05a1ae39c28bfda063b3765c28c713909494e4296dc853968c5e0c676d4d34b84d1b353fe2d7beda998f236f955b56fbd72d9fa6e4d24c3a28

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4Y2y1q2rJp0:745vRVJKGtSA0VWeo/u9p0

Malware Config

Targets

    • Target

      6804388299c7e8c180b12e0b1df87f2f

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks