Overview

overview

10

Static

static

10

9c65f61859...0d.elf

ubuntu-18.04-amd64

10

Resubmissions

22-03-2024 16:06

240322-tkbewafh2t 10

22-03-2024 16:03

240322-thwb9sfg8t 10

22-03-2024 08:44

240322-km5xtsae28 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9c65f61859b4b8ae00c79ddd63abf60d.elf

  • Size

    1.2MB

  • Sample

    240322-tkbewafh2t

  • MD5

    9c65f61859b4b8ae00c79ddd63abf60d

  • SHA1

    ddf2c1d0abdef832ec746004dcdfd0cd800048ae

  • SHA256

    fab8944e3f0541c0ff149306ea74137f7c1e9c081670906844769a45aa7171b4

  • SHA512

    ed39ef838a9cdff65e891f65a98800ebd282645e13d9f83a6b620e3bc573a3fae8e5f312136b970977a4cdbdf5a0e600be401cf425a2d673d30c715562ab163e

  • SSDEEP

    24576:e845rGHu6gVJKG75oFpA0VWeX4a2y1q2rJp0:745vRVJKGtSA0VWeoZu9p0

Score
10/10
mrblackantivmbotnetlinuxpersistencetrojan

Malware Config

Targets

    • Target

      9c65f61859b4b8ae00c79ddd63abf60d.elf

    • Size

      1.2MB

    • MD5

      9c65f61859b4b8ae00c79ddd63abf60d

    • SHA1

      ddf2c1d0abdef832ec746004dcdfd0cd800048ae

    • SHA256

      fab8944e3f0541c0ff149306ea74137f7c1e9c081670906844769a45aa7171b4

    • SHA512

      ed39ef838a9cdff65e891f65a98800ebd282645e13d9f83a6b620e3bc573a3fae8e5f312136b970977a4cdbdf5a0e600be401cf425a2d673d30c715562ab163e

    • SSDEEP

      24576:e845rGHu6gVJKG75oFpA0VWeX4a2y1q2rJp0:745vRVJKGtSA0VWeoZu9p0

    Score
    10/10
    mrblackantivmbotnetpersistencetrojan

    • MrBlack Trojan

      IoT botnet which infects routers to be used for DDoS attacks.

      trojanbotnetmrblack

    • MrBlack trojan

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Write file to user bin folder

    • Writes file to system bin folder

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks