General

  • Target: 7bc78a61512b96f1b9b420316c21635d
  • Size: 1.5MB
  • Sample: 231222-jzxxbachdl
  • MD5: 7bc78a61512b96f1b9b420316c21635d
  • SHA1: bea417282c99568295f649ac3f5b7ae54353bdc4
  • SHA256: 23646fd4a025122a9cbf58e306563d67d215826a14878edc8d9d082bf7ffd8fd
  • SHA512: 8e45e7c52852c9ff26b54b1731e078d349f7503281c9eca36fadf8ee09d61f84bbd203543cdd5d03501cf6b108c6e6f1b7f18778156a8d5d9b083a8d9661206f
  • SSDEEP: 49152:+nilOolLbt1laIunbZsehkqS55555555555555555555555555555555555k55w4:qeOolLbt1laIunlsehKNtYi7COE

Malware Config

Targets

    • Target: China.Z-rpvd
    • Size: 1.5MB
    • MD5: 9f5049a1f72b215d122d8c13c77301c8
    • SHA1: 56c89dda5ff4182bdccef7e53a4af77407e2a9ed
    • SHA256: 8035cfe776a0730dedb984d83a1272054f920d248b6e8134126a61eecd28b97c
    • SHA512: 7f08ee472d1fa3b622ddf053aa365fba118eb312326fc18f62fb1caf2cd98ec7f583284394cc71566f4f01e164d9fad151e0c463f8fef0e3924ffa484576b9b3
    • SSDEEP: 49152:2nilOolLbt1laIunbZsehkqS55555555555555555555555555555555555k55w1:yeOolLbt1laIunlsehKNtYi7COEm

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks