mrblack | 13b31c857ca874127126dc16929e7a281f97d2dc84650fb5898bd41572efc7a8 | Triage

Submit
Reports

Overview

overview

Static

static

ecd85f4817...91b8ec

ubuntu-18.04-amd64

Sharing

General

Target

ecd85f48177089d1e7672cf04d91b8ec
Size

1.1MB
Sample

231222-tstleshch8
MD5

ecd85f48177089d1e7672cf04d91b8ec
SHA1

1de79f6fd9322ce3a3716e24bda666a7b97ed293
SHA256

13b31c857ca874127126dc16929e7a281f97d2dc84650fb5898bd41572efc7a8
SHA512

5de0f0aebd0b9daaa06cc2cd1773bb6fe39f5dc1d7d58f423b77d73a966575cc70958275aee8ccbbadfcd07841e99b92d6d84c5fc4a7864a6af5c23e4750ca0c
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaJI+gIGYuuCol7r:4vREKfPqVE5jKsfaJRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

ecd85f48177089d1e7672cf04d91b8ec

Resource

ubuntu1804-amd64-20231222-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  ecd85f48177089d1e7672cf04d91b8ec
- Size
  
  1.1MB
- MD5
  
  ecd85f48177089d1e7672cf04d91b8ec
- SHA1
  
  1de79f6fd9322ce3a3716e24bda666a7b97ed293
- SHA256
  
  13b31c857ca874127126dc16929e7a281f97d2dc84650fb5898bd41572efc7a8
- SHA512
  
  5de0f0aebd0b9daaa06cc2cd1773bb6fe39f5dc1d7d58f423b77d73a966575cc70958275aee8ccbbadfcd07841e99b92d6d84c5fc4a7864a6af5c23e4750ca0c
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaJI+gIGYuuCol7r:4vREKfPqVE5jKsfaJRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy