mrblack | 07b57927f4faaa8bd42516e4e79a54ec32a58200a6be95ab776803f6604c55a1 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

2674ef5c89...66c307

ubuntu-18.04-amd64

Sharing

General

Target

2674ef5c89fcfb31f83341335966c307
Size

1.2MB
Sample

231221-3h5elsahdl
MD5

2674ef5c89fcfb31f83341335966c307
SHA1

d0cb6e1ff4bbb04cc73ee29dfbee12b922437d6f
SHA256

07b57927f4faaa8bd42516e4e79a54ec32a58200a6be95ab776803f6604c55a1
SHA512

e86e65259132e5ed2ac7213214978b8e10f20cce6ffe76ee7d6690e154eb98a0e1798268b1bca46b5f37bd9291e4a7b2fed3cacc6694046e39bdf51ebfcf8325
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4R2y1q2rJp0:745vRVJKGtSA0VWeoIu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

2674ef5c89fcfb31f83341335966c307

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  2674ef5c89fcfb31f83341335966c307
- Size
  
  1.2MB
- MD5
  
  2674ef5c89fcfb31f83341335966c307
- SHA1
  
  d0cb6e1ff4bbb04cc73ee29dfbee12b922437d6f
- SHA256
  
  07b57927f4faaa8bd42516e4e79a54ec32a58200a6be95ab776803f6604c55a1
- SHA512
  
  e86e65259132e5ed2ac7213214978b8e10f20cce6ffe76ee7d6690e154eb98a0e1798268b1bca46b5f37bd9291e4a7b2fed3cacc6694046e39bdf51ebfcf8325
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4R2y1q2rJp0:745vRVJKGtSA0VWeoIu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy