Overview

overview

10

Static

static

10

e96a4bee4d...366fc7

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e96a4bee4d4282ede40a23552d366fc7

  • Size

    1.2MB

  • Sample

    231220-t3hxnsfdc9

  • MD5

    e96a4bee4d4282ede40a23552d366fc7

  • SHA1

    b0c97e7c2ddc799f9568643d5f85ee38da2a77c7

  • SHA256

    2896a3a7802aad0563d33c50d64193857fc35287a00ee2d72a7bb17e6d4bacd7

  • SHA512

    4c7e11ff7cb366f51ec5636f9ccd7bfa15ca59b71432a5bdbd8c62fbab2391bd192164a7b5b7dc9cb8508196095c1b3d7697bf55be417cda9250743a8d1db2a3

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4s2y1q2rJp0:745vRVJKGtSA0VWeoDu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      e96a4bee4d4282ede40a23552d366fc7

    • Size

      1.2MB

    • MD5

      e96a4bee4d4282ede40a23552d366fc7

    • SHA1

      b0c97e7c2ddc799f9568643d5f85ee38da2a77c7

    • SHA256

      2896a3a7802aad0563d33c50d64193857fc35287a00ee2d72a7bb17e6d4bacd7

    • SHA512

      4c7e11ff7cb366f51ec5636f9ccd7bfa15ca59b71432a5bdbd8c62fbab2391bd192164a7b5b7dc9cb8508196095c1b3d7697bf55be417cda9250743a8d1db2a3

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4s2y1q2rJp0:745vRVJKGtSA0VWeoDu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks