General

  • Target

    ea5336057c90d93f0196e60b267a10bc

  • Size

    1.1MB

  • Sample

    231220-t5azvagad8

  • MD5

    ea5336057c90d93f0196e60b267a10bc

  • SHA1

    bd9defee681f4bab8ce3ffe07582e3df6a9fb865

  • SHA256

    3bcb3bb397ed0f5c72de9e19109f6daef8d0a03b8951406b2d442fbb90cdf83d

  • SHA512

    3bdf430fe823d0a2145b17b21a8da4c4e8e30ee2c6fb58b98e472a2b1057ac6c5caa1e336c39d5617542274645294662575f05cc06bca1947ed27d810c04b2bd

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfahI+gIGYuuCol7r:4vREKfPqVE5jKsfahRHGVo7r

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
