General

  • Target

    57cdc48eaa07c06e05e40a6ff4f91152

  • Size

    1.1MB

  • Sample

    231222-df6r8ahgar

  • MD5

    57cdc48eaa07c06e05e40a6ff4f91152

  • SHA1

    73aa4491cc45e5bb2c124dea5f899bfbbb7b3871

  • SHA256

    e242b05592dd0460ba7ff61fc458af4c41eac421d770a1a5f24bf5c81a6f1a74

  • SHA512

    ccbbafcdb90bd58ebf773d3eb358efff9612346a91197b817d40d19d93db3f4fef9c856fb55162380217af3f78c21caee6adb5f3d1a26719f7d730c85c2a8b98

  • SSDEEP

    24576:5ajGoPkpF6jxtFJh/zRgQ4CkIWFNEm7YZPSlJcsZvp2wL1:kkpF+jj1gQ4CrIEm7YZ4Jc8bL1

Malware Config

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicates if the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks