Overview

overview

10

Static

static

10

a9c95cbf64...49135b

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a9c95cbf64552c07a2278f29b249135b

  • Size

    1.1MB

  • Sample

    231222-qyzsvababq

  • MD5

    a9c95cbf64552c07a2278f29b249135b

  • SHA1

    6960164d2652ed3d6006dccdae8ff0e1eefa041a

  • SHA256

    26f389b1b3f68324e328925fa4538fd4843014ed609fdff4bee80f72c845654f

  • SHA512

    b4144490ad0f092d12977395192cb0155f0187b146bac8a51e51a465ddacd940346abb58c38524ddf9134cdaa781b4d17ec2217b4a71057d558cc8e5ecf16844

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfaSI+gIGYuuCol7r:4vREKfPqVE5jKsfaSRHGVo7r

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      a9c95cbf64552c07a2278f29b249135b

    • Size

      1.1MB

    • MD5

      a9c95cbf64552c07a2278f29b249135b

    • SHA1

      6960164d2652ed3d6006dccdae8ff0e1eefa041a

    • SHA256

      26f389b1b3f68324e328925fa4538fd4843014ed609fdff4bee80f72c845654f

    • SHA512

      b4144490ad0f092d12977395192cb0155f0187b146bac8a51e51a465ddacd940346abb58c38524ddf9134cdaa781b4d17ec2217b4a71057d558cc8e5ecf16844

    • SSDEEP

      24576:4vRE7caCfKGPqVEDNLFxKsfaSI+gIGYuuCol7r:4vREKfPqVE5jKsfaSRHGVo7r

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks