Overview

overview

10

Static

static

10

86f8720441...351a4c

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    86f87204412d1b030a81442eac351a4c

  • Size

    1.1MB

  • Sample

    231220-fz7jzaddap

  • MD5

    86f87204412d1b030a81442eac351a4c

  • SHA1

    fd2d926c05ad6faee5f6d4a2a393197f61c72e45

  • SHA256

    662f090268c407db5c41a85a5333add9a0c79431ee29fead0171997e5d5133ac

  • SHA512

    284f3ac977b53d18a37fd9fa1e28337f2cf15d9f4d58558709c70396fe4f81e695b0ebdccbe13cf23d2218d98b3229b4519093f87281036eb02e7d4188187688

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfahI+gIGYuuCol7r:4vREKfPqVE5jKsfahRHGVo7r

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      86f87204412d1b030a81442eac351a4c

    • Size

      1.1MB

    • MD5

      86f87204412d1b030a81442eac351a4c

    • SHA1

      fd2d926c05ad6faee5f6d4a2a393197f61c72e45

    • SHA256

      662f090268c407db5c41a85a5333add9a0c79431ee29fead0171997e5d5133ac

    • SHA512

      284f3ac977b53d18a37fd9fa1e28337f2cf15d9f4d58558709c70396fe4f81e695b0ebdccbe13cf23d2218d98b3229b4519093f87281036eb02e7d4188187688

    • SSDEEP

      24576:4vRE7caCfKGPqVEDNLFxKsfahI+gIGYuuCol7r:4vREKfPqVE5jKsfahRHGVo7r

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks