mrblack | ae7364589eabd4d1efd8aa0659be2fa0746fb02fe4a15170bf494f71eb841564 | Triage

Submit
Reports

Overview

overview

Static

static

afb29464ef...71e18a

ubuntu-18.04-amd64

Sharing

General

Target

afb29464ef7a73f9e7b4bd0aec71e18a
Size

1.1MB
Sample

231222-q59avschak
MD5

afb29464ef7a73f9e7b4bd0aec71e18a
SHA1

3c316e7d849790832b90f5dff7325951d1a3676d
SHA256

ae7364589eabd4d1efd8aa0659be2fa0746fb02fe4a15170bf494f71eb841564
SHA512

8c9fcfefafd2fc05a8db40516459b9a7d456d11ca6f5f6476fa4da36138bad67a9f6973334722d4f35767411e7171e2ad551e8b2ceacd7808547c4b08e464be5
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaZI+gIGYuuCol7r:4vREKfPqVE5jKsfaZRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

afb29464ef7a73f9e7b4bd0aec71e18a

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  afb29464ef7a73f9e7b4bd0aec71e18a
- Size
  
  1.1MB
- MD5
  
  afb29464ef7a73f9e7b4bd0aec71e18a
- SHA1
  
  3c316e7d849790832b90f5dff7325951d1a3676d
- SHA256
  
  ae7364589eabd4d1efd8aa0659be2fa0746fb02fe4a15170bf494f71eb841564
- SHA512
  
  8c9fcfefafd2fc05a8db40516459b9a7d456d11ca6f5f6476fa4da36138bad67a9f6973334722d4f35767411e7171e2ad551e8b2ceacd7808547c4b08e464be5
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaZI+gIGYuuCol7r:4vREKfPqVE5jKsfaZRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy