mrblack | a6e1f777a2a55c58d6ded153ce936b15fa89cfa9d060e0a754154946020c502b | Triage

Submit
Reports

Overview

overview

Static

static

864ae8bcb0...994843

ubuntu-18.04-amd64

Sharing

General

Target

864ae8bcb04cda51edf97f775e994843
Size

1.5MB
Sample

231222-mxj48agchq
MD5

864ae8bcb04cda51edf97f775e994843
SHA1

375c90e4dc7a39856896fd17dcc46c74c2310b38
SHA256

a6e1f777a2a55c58d6ded153ce936b15fa89cfa9d060e0a754154946020c502b
SHA512

20dce928b45970817f5d2eb2c6accf38226b239b2abd33910c2f3bb58f499186c61fe9ab7bbfe5c7b3befaba70591f6d356dee15722a92d1b50f42d1548a1d45
SSDEEP

24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMlnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMlnLmB

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

864ae8bcb04cda51edf97f775e994843

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  864ae8bcb04cda51edf97f775e994843
- Size
  
  1.5MB
- MD5
  
  864ae8bcb04cda51edf97f775e994843
- SHA1
  
  375c90e4dc7a39856896fd17dcc46c74c2310b38
- SHA256
  
  a6e1f777a2a55c58d6ded153ce936b15fa89cfa9d060e0a754154946020c502b
- SHA512
  
  20dce928b45970817f5d2eb2c6accf38226b239b2abd33910c2f3bb58f499186c61fe9ab7bbfe5c7b3befaba70591f6d356dee15722a92d1b50f42d1548a1d45
- SSDEEP
  
  24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMlnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMlnLmB
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy