Overview

overview

10

Static

static

10

df76bc4347...8bde76

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    df76bc434765108eecd8cbfb6a8bde76

  • Size

    1.1MB

  • Sample

    231222-s7dyvadda3

  • MD5

    df76bc434765108eecd8cbfb6a8bde76

  • SHA1

    566a6dd2fd0b0352b7b0867ac72817f9a66fda1c

  • SHA256

    ea096e487a5853558cc9f00936a167a915e97375c4892fe8111252da61d7cfbf

  • SHA512

    8e809ab6686de36c0d670aa5217f346377e4074dc49cb802702ab643fba20b325bc65da0961be6e4b98a237f84f59074953b1b34f7fc60bf0db391661803158d

  • SSDEEP

    24576:4vRE7caCfKGPqVEDNLFxKsfadI+gIGYuuCol7r:4vREKfPqVE5jKsfadRHGVo7r

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      df76bc434765108eecd8cbfb6a8bde76

    • Size

      1.1MB

    • MD5

      df76bc434765108eecd8cbfb6a8bde76

    • SHA1

      566a6dd2fd0b0352b7b0867ac72817f9a66fda1c

    • SHA256

      ea096e487a5853558cc9f00936a167a915e97375c4892fe8111252da61d7cfbf

    • SHA512

      8e809ab6686de36c0d670aa5217f346377e4074dc49cb802702ab643fba20b325bc65da0961be6e4b98a237f84f59074953b1b34f7fc60bf0db391661803158d

    • SSDEEP

      24576:4vRE7caCfKGPqVEDNLFxKsfadI+gIGYuuCol7r:4vREKfPqVE5jKsfadRHGVo7r

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Write file to user bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

1
T1574

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

1
T1574

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Hijack Execution Flow

1
T1574

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Network Configuration Discovery

1
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks