mrblack | a91b8ea628b31ec5c5724dad7b96b38d26ad25c1f185335b6fb639c59e5050e8 | Triage

Submit
Reports

Overview

overview

Static

static

be9ce96a96...91.elf

ubuntu-20.04-amd64

Sharing

General

Target

5ac9924723ee51a34999132cbd369213.bin
Size

456KB
Sample

240321-bwtrgsge54
MD5

cfadd98def21575d38ab3eed4ba9f0a6
SHA1

5c5e942e3c0894ce6e1a2a11056b8e5af41f610b
SHA256

a91b8ea628b31ec5c5724dad7b96b38d26ad25c1f185335b6fb639c59e5050e8
SHA512

b6e6994abce7f71cb7685c9ba08d811648014e0140c1900fe527bde51bf20484a6c77ea8e130b6fb86a4e630603e71f25ac89f273ae5e5f23fc274d40eaca2a7
SSDEEP

12288:phT2+8e/xDEr6sFT4qz4H+H9Qt9EMSpMh7TJaGhSYa58HPYei:/y+vIr6sFT4qzdC9PhIGkYvQb

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291.elf

Resource

ubuntu2004-amd64-20240221-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291.elf
- Size
  
  1.2MB
- MD5
  
  5ac9924723ee51a34999132cbd369213
- SHA1
  
  8bb17a17dc4a7885978c0161d7be2b0274a42466
- SHA256
  
  be9ce96a9612ff32bc0deae2ffed9f15116b644ec106d1906fe44a6776595291
- SHA512
  
  f0d1a0ca422c99b37c286b8d6b7b15ad48c6fc0991974623dfbe9c580499e868d36c771aa2d57b1784d515c4cc5524e846e20f5b252f6079b6f71c35c8ae389a
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4R2y1q2rJp0:745vRVJKGtSA0VWeoIu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Checks CPU configuration
  Checks CPU information which indicate if the system is a virtual machine.
  antivm
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Virtualization/Sandbox Evasion

Hijack Execution Flow

Credential Access

Discovery

Virtualization/Sandbox Evasion

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy