Overview

overview

10

Static

static

10

c6cb654b7c...f4ac21

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c6cb654b7c737c67b7fcc714839b108ecf503efaf4d581f59da58e783df4ac21

  • Size

    1.2MB

  • Sample

    240227-c3m3yseg7v

  • MD5

    6e922435326fba001ebcddb3afde00aa

  • SHA1

    ad41b157112936b7fc1029d32c97fecb606a80fe

  • SHA256

    c6cb654b7c737c67b7fcc714839b108ecf503efaf4d581f59da58e783df4ac21

  • SHA512

    e5e70a17ec59018381e1902530d81e5b808d926d3b8fee53e24355449a6c289dcd7013cbc3fa99f9a316bb968788a724b184555611686820277f11d85983fb92

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4S2y1q2rJp0:745vRVJKGtSA0VWeohu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      c6cb654b7c737c67b7fcc714839b108ecf503efaf4d581f59da58e783df4ac21

    • Size

      1.2MB

    • MD5

      6e922435326fba001ebcddb3afde00aa

    • SHA1

      ad41b157112936b7fc1029d32c97fecb606a80fe

    • SHA256

      c6cb654b7c737c67b7fcc714839b108ecf503efaf4d581f59da58e783df4ac21

    • SHA512

      e5e70a17ec59018381e1902530d81e5b808d926d3b8fee53e24355449a6c289dcd7013cbc3fa99f9a316bb968788a724b184555611686820277f11d85983fb92

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4S2y1q2rJp0:745vRVJKGtSA0VWeohu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Hijack Execution Flow

2
T1574

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Hijack Execution Flow

2
T1574

Credential Access

Discovery

Virtualization/Sandbox Evasion

1
T1497

System Network Configuration Discovery

2
T1016

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks