General

  • Target

    e5e1f47899d5ff3f67a4b9edc1be524b

  • Size

    1.2MB

  • Sample

    231220-tt2y7acff9

  • MD5

    e5e1f47899d5ff3f67a4b9edc1be524b

  • SHA1

    6b5626d567b813d39d3a21744706ed0700ac05df

  • SHA256

    3270ef51cc68ed6f7f9fada4a3854caaaab88e943a5de6507fe1300b74b7d97f

  • SHA512

    cf41e790b210d0be3c3bd100e0cbdd6fdf26aa53d6e7ac070f40258241500f52a174a9adc13ac8d5ed268cbd85986f2e7610c9fedb6fdbe947ba0e308542a790

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4J2y1q2rJp0:745vRVJKGtSA0VWeoQu9p0

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information, which indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder
