mrblack | 551b48e425dcf4337ee023ad65a871123d172e43fabbc965252f5a2e69d0bd4a | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

8285f35183...48411d

ubuntu-18.04-amd64

Sharing

General

Target

8285f35183f0341b8dfe425b7348411d
Size

1.2MB
Sample

231222-lsxn3sfaem
MD5

8285f35183f0341b8dfe425b7348411d
SHA1

44e569a191a5d7bd720c7af06c2fd81a501a245b
SHA256

551b48e425dcf4337ee023ad65a871123d172e43fabbc965252f5a2e69d0bd4a
SHA512

d9708bdf6e552f1fca816432f1f9a7d4b3ff8517fe2e18b3586c732a411262920743435f19a250f112ac829633f8370bb16de24bf2ec4692777293d97bbb6b4f
SSDEEP

24576:e845rlHu6gVJKG75oFpA0VWqX4G2y1q2rJp0:745wRVJKGtSA0VWqoVu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

8285f35183f0341b8dfe425b7348411d

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  8285f35183f0341b8dfe425b7348411d
- Size
  
  1.2MB
- MD5
  
  8285f35183f0341b8dfe425b7348411d
- SHA1
  
  44e569a191a5d7bd720c7af06c2fd81a501a245b
- SHA256
  
  551b48e425dcf4337ee023ad65a871123d172e43fabbc965252f5a2e69d0bd4a
- SHA512
  
  d9708bdf6e552f1fca816432f1f9a7d4b3ff8517fe2e18b3586c732a411262920743435f19a250f112ac829633f8370bb16de24bf2ec4692777293d97bbb6b4f
- SSDEEP
  
  24576:e845rlHu6gVJKG75oFpA0VWqX4G2y1q2rJp0:745wRVJKGtSA0VWqoVu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.