mrblack | bfa080c361c8180c681d0ba3c9663e9e933352f4ec3396c486f2094def27a2c2 | Triage

Submit
Reports

Overview

overview

Static

static

87a0ff4546...e1771d

ubuntu-18.04-amd64

Sharing

General

Target

87a0ff454622c5c3d3a2506134e1771d
Size

1.2MB
Sample

231222-na8pqsggak
MD5

87a0ff454622c5c3d3a2506134e1771d
SHA1

d46762366ce8e1a702b6077c0c32d648fadea929
SHA256

bfa080c361c8180c681d0ba3c9663e9e933352f4ec3396c486f2094def27a2c2
SHA512

badba44b6b461cc0362c09557a0743f0a2684c385a6c83434382fca495e404e4d6dd77c75364c98b6c55dc4b204eafed66642cb7e5983b98558d299ce1b77964
SSDEEP

24576:e845rlHu6gVJKG75oFpA0VWtX4G2y1q2rJp0:745wRVJKGtSA0VWtoVu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

87a0ff454622c5c3d3a2506134e1771d

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  87a0ff454622c5c3d3a2506134e1771d
- Size
  
  1.2MB
- MD5
  
  87a0ff454622c5c3d3a2506134e1771d
- SHA1
  
  d46762366ce8e1a702b6077c0c32d648fadea929
- SHA256
  
  bfa080c361c8180c681d0ba3c9663e9e933352f4ec3396c486f2094def27a2c2
- SHA512
  
  badba44b6b461cc0362c09557a0743f0a2684c385a6c83434382fca495e404e4d6dd77c75364c98b6c55dc4b204eafed66642cb7e5983b98558d299ce1b77964
- SSDEEP
  
  24576:e845rlHu6gVJKG75oFpA0VWtX4G2y1q2rJp0:745wRVJKGtSA0VWtoVu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy