mrblack | c2995a7967fc091aa81ca0b203281e8084215ee95bbc4f70d02f334f299f1544 | Triage

Submit
Reports

Overview

overview

Static

static

0ddda3bb85...90645e

ubuntu-18.04-amd64

Sharing

General

Target

0ddda3bb8590616f803a7320d890645e
Size

1.5MB
Sample

231221-11qcasdhe2
MD5

0ddda3bb8590616f803a7320d890645e
SHA1

60d43f48772248dffd668e58ff3adc05d1dec8d5
SHA256

c2995a7967fc091aa81ca0b203281e8084215ee95bbc4f70d02f334f299f1544
SHA512

1c204103046189329aa694eec4beb99ed3b3c238a0607e4fb5dd64c93122a411fda5a9ae609560d17651654bf53ba042c0a14a9655efa0af9270c360f2d681c8
SSDEEP

24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMdhnnLmYXqSYKKZdTrD:zRNi6OHdSbQoyJyXpxb2PaGpXiMbnLmB

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0ddda3bb8590616f803a7320d890645e

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  0ddda3bb8590616f803a7320d890645e
- Size
  
  1.5MB
- MD5
  
  0ddda3bb8590616f803a7320d890645e
- SHA1
  
  60d43f48772248dffd668e58ff3adc05d1dec8d5
- SHA256
  
  c2995a7967fc091aa81ca0b203281e8084215ee95bbc4f70d02f334f299f1544
- SHA512
  
  1c204103046189329aa694eec4beb99ed3b3c238a0607e4fb5dd64c93122a411fda5a9ae609560d17651654bf53ba042c0a14a9655efa0af9270c360f2d681c8
- SSDEEP
  
  24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMdhnnLmYXqSYKKZdTrD:zRNi6OHdSbQoyJyXpxb2PaGpXiMbnLmB
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy