mrblack | 3532755a22f124078e5bc41cb4122c72784e40e98c5286fa59ac8f50c6a72316 | Triage

Submit
Reports

Overview

overview

Static

static

b8903a8cdd...151b30

ubuntu-18.04-amd64

Sharing

General

Target

b8903a8cddbce6d529f56f0dfa151b30
Size

1.5MB
Sample

231222-rf6zwaaaa3
MD5

b8903a8cddbce6d529f56f0dfa151b30
SHA1

79c3a1f5f734a5c5e570180b4950ecbe9ead539c
SHA256

3532755a22f124078e5bc41cb4122c72784e40e98c5286fa59ac8f50c6a72316
SHA512

d6a6b51d63dbd1435130e26cf863f80785169a329c2cc50eee11bdd2e5eecfa0c7c6dbe7014570a82473c7524c2ed6b4c30c67bb0bc0270b18ba5b6f1a400142
SSDEEP

24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMEnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMEnLmB

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b8903a8cddbce6d529f56f0dfa151b30

Resource

ubuntu1804-amd64-20231222-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b8903a8cddbce6d529f56f0dfa151b30
- Size
  
  1.5MB
- MD5
  
  b8903a8cddbce6d529f56f0dfa151b30
- SHA1
  
  79c3a1f5f734a5c5e570180b4950ecbe9ead539c
- SHA256
  
  3532755a22f124078e5bc41cb4122c72784e40e98c5286fa59ac8f50c6a72316
- SHA512
  
  d6a6b51d63dbd1435130e26cf863f80785169a329c2cc50eee11bdd2e5eecfa0c7c6dbe7014570a82473c7524c2ed6b4c30c67bb0bc0270b18ba5b6f1a400142
- SSDEEP
  
  24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMEnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMEnLmB
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy