mrblack | 61bc77c9b7589a6987dae9bae6b194136f0bba1a1dad8fdc67de7038b572a493 | Triage

Submit
Reports

Overview

overview

Static

static

a538c26af9...95a294

ubuntu-18.04-amd64

Sharing

General

Target

a538c26af968f61af3479445e495a294
Size

1.2MB
Sample

231222-qs211shfem
MD5

a538c26af968f61af3479445e495a294
SHA1

f67535a87198ef8788620bf0a35131d9c6006a97
SHA256

61bc77c9b7589a6987dae9bae6b194136f0bba1a1dad8fdc67de7038b572a493
SHA512

ee8a860385bba87a9e7f8d3cf0c22ba3ad10a18d9513857bfa9f73b124994f65a0f477dd46f6ed3f585aa556d4c31209d970f4ccfa9a6f441a571a18f7dc32de
SSDEEP

24576:e845rUHu6gVJKG75oFpA0VWPX4G2y1q2rJp0:7451RVJKGtSA0VWPoVu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

a538c26af968f61af3479445e495a294

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  a538c26af968f61af3479445e495a294
- Size
  
  1.2MB
- MD5
  
  a538c26af968f61af3479445e495a294
- SHA1
  
  f67535a87198ef8788620bf0a35131d9c6006a97
- SHA256
  
  61bc77c9b7589a6987dae9bae6b194136f0bba1a1dad8fdc67de7038b572a493
- SHA512
  
  ee8a860385bba87a9e7f8d3cf0c22ba3ad10a18d9513857bfa9f73b124994f65a0f477dd46f6ed3f585aa556d4c31209d970f4ccfa9a6f441a571a18f7dc32de
- SSDEEP
  
  24576:e845rUHu6gVJKG75oFpA0VWPX4G2y1q2rJp0:7451RVJKGtSA0VWPoVu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy