mrblack | da150723a7cf0cd194c4895181a90d755fc8453d6e23fee4b6a6c687547a638b | Triage

Submit
Reports

Overview

overview

Static

static

8250a386b5...964d67

ubuntu-18.04-amd64

Sharing

General

Target

8250a386b5bd2c1fca99f12ab8964d67
Size

1.2MB
Sample

231222-lqsx4sehhn
MD5

8250a386b5bd2c1fca99f12ab8964d67
SHA1

636f4f56d06da34fee28077360e5f077b47e5188
SHA256

da150723a7cf0cd194c4895181a90d755fc8453d6e23fee4b6a6c687547a638b
SHA512

ca853322ccbd81dd16fe609087971a7f3ef099d8497bbc959be385f81771d73e75a40fbfe112b730ed8fb8bfbf8c8164766b17462b371e2bc833d7680fd74096
SSDEEP

24576:e845rlHu6gVJKG75oFpA0VWdX4G2y1q2rJp0:745wRVJKGtSA0VWdoVu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8250a386b5bd2c1fca99f12ab8964d67

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  8250a386b5bd2c1fca99f12ab8964d67
- Size
  
  1.2MB
- MD5
  
  8250a386b5bd2c1fca99f12ab8964d67
- SHA1
  
  636f4f56d06da34fee28077360e5f077b47e5188
- SHA256
  
  da150723a7cf0cd194c4895181a90d755fc8453d6e23fee4b6a6c687547a638b
- SHA512
  
  ca853322ccbd81dd16fe609087971a7f3ef099d8497bbc959be385f81771d73e75a40fbfe112b730ed8fb8bfbf8c8164766b17462b371e2bc833d7680fd74096
- SSDEEP
  
  24576:e845rlHu6gVJKG75oFpA0VWdX4G2y1q2rJp0:745wRVJKGtSA0VWdoVu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy