mrblack | 036a2f04ab56b5e7098c7d866eb21307011b812f126793159be1c853a6a54796 | Triage

Submit
Reports

Overview

overview

Static

static

036a2f04ab...96.elf

ubuntu-18.04-amd64

Sharing

General

Target

036a2f04ab56b5e7098c7d866eb21307011b812f126793159be1c853a6a54796.elf
Size

1.2MB
Sample

240220-fvyfhacb93
MD5

cb084b73d800c005e5a3cf4f299f032a
SHA1

770fca135b25594e77480cdca7116366be2ba91d
SHA256

036a2f04ab56b5e7098c7d866eb21307011b812f126793159be1c853a6a54796
SHA512

1b7476baa62f8388f933e2e15473bca928abf0d1128d551ca21a8d1b6615b04f2660f77bcf406df939d31c9916d42900a5c3dec50ebfa40ce1340ae545e41234
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4B2y1q2rJp0:745vRVJKGtSA0VWeoYu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

036a2f04ab56b5e7098c7d866eb21307011b812f126793159be1c853a6a54796.elf

Resource

ubuntu1804-amd64-20231222-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  036a2f04ab56b5e7098c7d866eb21307011b812f126793159be1c853a6a54796.elf
- Size
  
  1.2MB
- MD5
  
  cb084b73d800c005e5a3cf4f299f032a
- SHA1
  
  770fca135b25594e77480cdca7116366be2ba91d
- SHA256
  
  036a2f04ab56b5e7098c7d866eb21307011b812f126793159be1c853a6a54796
- SHA512
  
  1b7476baa62f8388f933e2e15473bca928abf0d1128d551ca21a8d1b6615b04f2660f77bcf406df939d31c9916d42900a5c3dec50ebfa40ce1340ae545e41234
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4B2y1q2rJp0:745vRVJKGtSA0VWeoYu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy