mrblack | 23646fd4a025122a9cbf58e306563d67d215826a14878edc8d9d082bf7ffd8fd | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

China.z-rpvd

ubuntu-18.04-amd64

Sharing

General

Target

7bc78a61512b96f1b9b420316c21635d
Size

1.5MB
Sample

231222-jzxxbachdl
MD5

7bc78a61512b96f1b9b420316c21635d
SHA1

bea417282c99568295f649ac3f5b7ae54353bdc4
SHA256

23646fd4a025122a9cbf58e306563d67d215826a14878edc8d9d082bf7ffd8fd
SHA512

8e45e7c52852c9ff26b54b1731e078d349f7503281c9eca36fadf8ee09d61f84bbd203543cdd5d03501cf6b108c6e6f1b7f18778156a8d5d9b083a8d9661206f
SSDEEP

49152:+nilOolLbt1laIunbZsehkqS55555555555555555555555555555555555k55w4:qeOolLbt1laIunlsehKNtYi7COE

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

China.z-rpvd

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  China.Z-rpvd
- Size
  
  1.5MB
- MD5
  
  9f5049a1f72b215d122d8c13c77301c8
- SHA1
  
  56c89dda5ff4182bdccef7e53a4af77407e2a9ed
- SHA256
  
  8035cfe776a0730dedb984d83a1272054f920d248b6e8134126a61eecd28b97c
- SHA512
  
  7f08ee472d1fa3b622ddf053aa365fba118eb312326fc18f62fb1caf2cd98ec7f583284394cc71566f4f01e164d9fad151e0c463f8fef0e3924ffa484576b9b3
- SSDEEP
  
  49152:2nilOolLbt1laIunbZsehkqS55555555555555555555555555555555555k55w1:yeOolLbt1laIunlsehKNtYi7COEm
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.