Overview

overview

10

Static

static

10

edd3f0a689...837e2b

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    edd3f0a68945ff1f8dd6df454d837e2b

  • Size

    1.2MB

  • Sample

    231222-twcr3shfa9

  • MD5

    edd3f0a68945ff1f8dd6df454d837e2b

  • SHA1

    2b1f756d1f5b1723df6872d5727bf55f94c7aba9

  • SHA256

    b9d1294e0dbaf0a397f18b28a09ade1e16e934d979fc0f0cabddb37fc25f219a

  • SHA512

    f7d234d9494272e003cb986c30b2a96184a73c1f4c969738ddd635e1cc25d30b8ce39e6a465a9e23eeba82285f163f76eb68045780a646a3ae2112d074846bb6

  • SSDEEP

    24576:e845rlHu6gVJKG75oFpA0VWfX4G2y1q2rJp0:745wRVJKGtSA0VWfoVu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      edd3f0a68945ff1f8dd6df454d837e2b

    • Size

      1.2MB

    • MD5

      edd3f0a68945ff1f8dd6df454d837e2b

    • SHA1

      2b1f756d1f5b1723df6872d5727bf55f94c7aba9

    • SHA256

      b9d1294e0dbaf0a397f18b28a09ade1e16e934d979fc0f0cabddb37fc25f219a

    • SHA512

      f7d234d9494272e003cb986c30b2a96184a73c1f4c969738ddd635e1cc25d30b8ce39e6a465a9e23eeba82285f163f76eb68045780a646a3ae2112d074846bb6

    • SSDEEP

      24576:e845rlHu6gVJKG75oFpA0VWfX4G2y1q2rJp0:745wRVJKGtSA0VWfoVu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks