mrblack | 646279a6d09af77e39604ccefcf6021752a6572316a91047f0341f08cd8f4d45 | Triage

Submit
Reports

Overview

overview

Static

static

6674baf9b5...23.elf

ubuntu-20.04-amd64

Sharing

General

Target

7d1343b3ab670b162fb2ce8854f01167.bin
Size

434KB
Sample

240506-bzgw4ach21
MD5

e6001b27689e96400db9f3dce76a6a10
SHA1

6b20552b123afe97661d51f0c634f097327417d7
SHA256

646279a6d09af77e39604ccefcf6021752a6572316a91047f0341f08cd8f4d45
SHA512

7ecd7c881775cfd5907e84cca09b655853ad5b9cd235ca8dca5453c314f57c5489e05d1d943837bb09edc36e25f18da04e0c6378835a6aaf08ffad0eedde0260
SSDEEP

12288:LUuSX0Nt4jQtnLydwoPuP2xGjOTz+AqQGSWvUDeN55:L6XJQdsHmP2gHA+YDeF

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6674baf9b5ee9baf415ae92ed69b522bf1367cceb60cfd57ae7bc4b8e0677a23.elf

Resource

ubuntu2004-amd64-20240418-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6674baf9b5ee9baf415ae92ed69b522bf1367cceb60cfd57ae7bc4b8e0677a23.elf
- Size
  
  1.1MB
- MD5
  
  7d1343b3ab670b162fb2ce8854f01167
- SHA1
  
  de95e608dd0e97d5eca90b6b6d747465980d4857
- SHA256
  
  6674baf9b5ee9baf415ae92ed69b522bf1367cceb60cfd57ae7bc4b8e0677a23
- SHA512
  
  22ff942fcaabe8a63919a53bf68642dd45943ef3c24e558b18d51ca5c4c0209be653ec268f9d0f64b5634e9dd3e32f7eacdb746fd2263907c0f8f33d89dd91be
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfawI+gIGYuuCol7r:4vREKfPqVE5jKsfawRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy