mrblack | 89681a305db16332df54709f9adcdf6e95561b658ba4f6a3da2a1026312fb2be | Triage

Submit
Reports

Overview

overview

Static

static

e1dc8adf1b...a02232

ubuntu-18.04-amd64

Sharing

General

Target

e1dc8adf1bf1ebceb2b95c5d4fa02232
Size

1.1MB
Sample

231222-s9qqeseab7
MD5

e1dc8adf1bf1ebceb2b95c5d4fa02232
SHA1

496972d3b4f446ebbce8b3743f3546f14c5fd6cd
SHA256

89681a305db16332df54709f9adcdf6e95561b658ba4f6a3da2a1026312fb2be
SHA512

bd77d2d38725f5eeee3e7df4ee8556e58c785ef99ad728a9928bac1d4dc6d72c0c0d6dc684dcafaf7bc6fadede268d271125c1b06ad2fd6ad75928248a80490d
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaoI+gIGYuuCol7r:4vREKfPqVE5jKsfaoRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

e1dc8adf1bf1ebceb2b95c5d4fa02232

Resource

ubuntu1804-amd64-20231222-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  e1dc8adf1bf1ebceb2b95c5d4fa02232
- Size
  
  1.1MB
- MD5
  
  e1dc8adf1bf1ebceb2b95c5d4fa02232
- SHA1
  
  496972d3b4f446ebbce8b3743f3546f14c5fd6cd
- SHA256
  
  89681a305db16332df54709f9adcdf6e95561b658ba4f6a3da2a1026312fb2be
- SHA512
  
  bd77d2d38725f5eeee3e7df4ee8556e58c785ef99ad728a9928bac1d4dc6d72c0c0d6dc684dcafaf7bc6fadede268d271125c1b06ad2fd6ad75928248a80490d
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaoI+gIGYuuCol7r:4vREKfPqVE5jKsfaoRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy