General

  • Target

    ca7a6379aff2dbd02d3d776fe6b34401

  • Size

    1.2MB

  • Sample

    231222-r5bv2acgej

  • MD5

    ca7a6379aff2dbd02d3d776fe6b34401

  • SHA1

    e94e00883093a0a90908f94c139f8fe897b0b75d

  • SHA256

    aec899c4b4433cbf3712fd7c9b07ca5da93a4ceceed234d088a8589853076474

  • SHA512

    7cfe2bf0b60f67f21a95fa929e95633d782c814e4028b22e9e34dba0fe981299b308af66bceb320de685b1ac1175269139818b701e50fc8dbd0c5eea58fed01e

  • SSDEEP

    24576:e845rlHu6gVJKG75oFpA0VWiX4G2y1q2rJp0:745wRVJKGtSA0VWioVu9p0

Malware Config

Targets

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information that indicates whether the system is a virtual machine.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Writes file to user bin folder

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks