Overview

overview

10

Static

static

10

b43f51ff2d...cb860c

ubuntu-18.04-amd64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b43f51ff2d22190de7506715402aa89521a55d2a24f15044103dfe6fb2cb860c

  • Size

    1.2MB

  • Sample

    240301-sysewahb4t

  • MD5

    274a2caa2427a5cbdd52a7eb0dd5860d

  • SHA1

    8fcfea93ae7049c5f1a7679199d9f7f72deb5940

  • SHA256

    b43f51ff2d22190de7506715402aa89521a55d2a24f15044103dfe6fb2cb860c

  • SHA512

    38fccb019474b23bcc060f87c9707aab5ff721fc398df8fe8bebd681b7962584347b58800602e210b3a42e94262072d5592eae79e44ea57478fb23fb4c4f9645

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4Q2y1q2rJp0:745vRVJKGtSA0VWeonu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      b43f51ff2d22190de7506715402aa89521a55d2a24f15044103dfe6fb2cb860c

    • Size

      1.2MB

    • MD5

      274a2caa2427a5cbdd52a7eb0dd5860d

    • SHA1

      8fcfea93ae7049c5f1a7679199d9f7f72deb5940

    • SHA256

      b43f51ff2d22190de7506715402aa89521a55d2a24f15044103dfe6fb2cb860c

    • SHA512

      38fccb019474b23bcc060f87c9707aab5ff721fc398df8fe8bebd681b7962584347b58800602e210b3a42e94262072d5592eae79e44ea57478fb23fb4c4f9645

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4Q2y1q2rJp0:745vRVJKGtSA0VWeonu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks