mrblack | f974ea63526356d1cab4efb1b5f091b4e8a39efe4cfd41dd628328c725957ac9 | Triage

Submit
Reports

Overview

overview

Static

static

4a21bf0095...46dc43

ubuntu-18.04-amd64

Sharing

General

Target

4a21bf00956f523f819d6229ed46dc43
Size

1.1MB
Sample

231222-b4qpssdehk
MD5

4a21bf00956f523f819d6229ed46dc43
SHA1

b87a5ee7e7c126f32cf9459f75565da60ba51a99
SHA256

f974ea63526356d1cab4efb1b5f091b4e8a39efe4cfd41dd628328c725957ac9
SHA512

c9968aa48b528d3941883a76d376b03c72b3a5003cba33efa3a65c139eb40621e6f53bdb13e4df048ae7cd2ed5b3f76d6914b12ff5504996092e8507be9114e0
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaxI+gIGYuuCol7r:4vREKfPqVE5jKsfaxRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4a21bf00956f523f819d6229ed46dc43

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  4a21bf00956f523f819d6229ed46dc43
- Size
  
  1.1MB
- MD5
  
  4a21bf00956f523f819d6229ed46dc43
- SHA1
  
  b87a5ee7e7c126f32cf9459f75565da60ba51a99
- SHA256
  
  f974ea63526356d1cab4efb1b5f091b4e8a39efe4cfd41dd628328c725957ac9
- SHA512
  
  c9968aa48b528d3941883a76d376b03c72b3a5003cba33efa3a65c139eb40621e6f53bdb13e4df048ae7cd2ed5b3f76d6914b12ff5504996092e8507be9114e0
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaxI+gIGYuuCol7r:4vREKfPqVE5jKsfaxRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy