Overview

overview

10

Static

static

10

9b40b639ce...7ca67d

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b40b639cec4ddfe9ff15820367ca67d

  • Size

    1.5MB

  • Sample

    231222-qfepysefgq

  • MD5

    9b40b639cec4ddfe9ff15820367ca67d

  • SHA1

    40b22c42d9c10369ec814bf411153c9613fe5a63

  • SHA256

    e2eab5338aa0006916a92e4f9e741adab84d977659d49bf03e6a3bd4b6660a30

  • SHA512

    7a2d95c2321b4dc3a72e4d8876ce8e0f2d8602977c53bac6b1db4985ece6dcc6ce33d93f19ec87a1ea20cbaa4888e6d7b98ef510490eb5b0692394ef07d6b927

  • SSDEEP

    49152:2nilOolLbt1laIunbZsehkxS55555555555555555555555555555555555k55w1:yeOolLbt1laIunlsehNNtYi7COEm

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      9b40b639cec4ddfe9ff15820367ca67d

    • Size

      1.5MB

    • MD5

      9b40b639cec4ddfe9ff15820367ca67d

    • SHA1

      40b22c42d9c10369ec814bf411153c9613fe5a63

    • SHA256

      e2eab5338aa0006916a92e4f9e741adab84d977659d49bf03e6a3bd4b6660a30

    • SHA512

      7a2d95c2321b4dc3a72e4d8876ce8e0f2d8602977c53bac6b1db4985ece6dcc6ce33d93f19ec87a1ea20cbaa4888e6d7b98ef510490eb5b0692394ef07d6b927

    • SSDEEP

      49152:2nilOolLbt1laIunbZsehkxS55555555555555555555555555555555555k55w1:yeOolLbt1laIunlsehNNtYi7COEm

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks