General

  • Target

    6e33cdd39c283c7be901c633e24e835d

  • Size

    1.2MB

  • Sample

    231219-3qqanahcfk

  • MD5

    6e33cdd39c283c7be901c633e24e835d

  • SHA1

    62260432105fd30808197811a992291c1d21b572

  • SHA256

    52a5c50c2fc3caf997a7401cd957bf780a4d0ebac5b85445d5678d49dc2dcbb8

  • SHA512

    a2e4f8bdd2377d2d01765c123ef2fa40dbbe874ab5986efaafe3d28725121d7d74ea12b48bd6e4fa661bf8b0274737b13f7de08e136407b0ac3f5362d4046948

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWIX4o2y1q2rJp0:745vRVJKGtSA0VWIovu9p0

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder
