mrblack | a91b8ea628b31ec5c5724dad7b96b38d26ad25c1f185335b6fb639c59e5050e8 | Triage

Submit
Reports

Overview

overview

Static

static

be9ce96a96...91.elf

ubuntu-20.04-amd64

Sharing

General

Target

5ac9924723ee51a34999132cbd369213.bin
Size

456KB
Sample

240321-bwtrgsge54
MD5

cfadd98def21575d38ab3eed4ba9f0a6
SHA1

5c5e942e3c0894ce6e1a2a11056b8e5af41f610b
SHA256

a91b8ea628b31ec5c5724dad7b96b38d26ad25c1f185335b6fb639c59e5050e8
SHA512

b6e6994abce7f71cb7685c9ba08d811648014e0140c1900fe527bde51bf20484a6c77ea8e130b6fb86a4e630603e71f25ac89f273ae5e5f23fc274d40eaca2a7
SSDEEP

12288:phT2+8e/xDEr6sFT4qz4H+H9Qt9EMSpMh7TJaGhSYa58HPYei:/y+vIr6sFT4qzdC9PhIGkYvQb

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291.elf

Resource

ubuntu2004-amd64-20240221-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291.elf
- Size
  
  1.2MB
- MD5
  
  5ac9924723ee51a34999132cbd369213
- SHA1
  
  8bb17a17dc4a7885978c0161d7be2b0274a42466
- SHA256
  
  be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291
- SHA512
  
  f0d1a0ca422c99b37c286b8d6b7b15ad48c6fc0991974623dfbe9c580499e868d36c771aa2d57b1784d515c4cc5524e846e20f5b252f6079b6f71c35c8ae389a
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4R2y1q2rJp0:745vRVJKGtSA0VWeoIu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy