mrblack | 055bd8cac1770e233c499f854522f74ce022cfce4174e4612c0e37b459a3aa04 | Triage

Submit
Reports

Overview

overview

Static

static

b562aa301c...1956ee

ubuntu-18.04-amd64

Sharing

General

Target

b562aa301cf2bb74c5c2b83b9b1956ee
Size

1.5MB
Sample

231222-rcyjbshac8
MD5

b562aa301cf2bb74c5c2b83b9b1956ee
SHA1

801b06907cfcb19b97a9b65d9e486be80852e923
SHA256

055bd8cac1770e233c499f854522f74ce022cfce4174e4612c0e37b459a3aa04
SHA512

fbb76d0716f96e9913c016296f46a879fcb4c8876ec172b26f6f000b35f54cae8523b2da3764ae58b6db5d5e8e86a56404affd9c68978f443b08ead6be0fc2b0
SSDEEP

24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMDnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMDnLmB

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b562aa301cf2bb74c5c2b83b9b1956ee

Resource

ubuntu1804-amd64-20231215-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b562aa301cf2bb74c5c2b83b9b1956ee
- Size
  
  1.5MB
- MD5
  
  b562aa301cf2bb74c5c2b83b9b1956ee
- SHA1
  
  801b06907cfcb19b97a9b65d9e486be80852e923
- SHA256
  
  055bd8cac1770e233c499f854522f74ce022cfce4174e4612c0e37b459a3aa04
- SHA512
  
  fbb76d0716f96e9913c016296f46a879fcb4c8876ec172b26f6f000b35f54cae8523b2da3764ae58b6db5d5e8e86a56404affd9c68978f443b08ead6be0fc2b0
- SSDEEP
  
  24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMDnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMDnLmB
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy