mrblack | 646279a6d09af77e39604ccefcf6021752a6572316a91047f0341f08cd8f4d45 | Triage

Submit
Reports

Overview

overview

Static

static

6674baf9b5...23.elf

ubuntu-20.04-amd64

Sharing

General

Target

7d1343b3ab670b162fb2ce8854f01167.bin
Size

434KB
Sample

240506-bzgw4ach21
MD5

e6001b27689e96400db9f3dce76a6a10
SHA1

6b20552b123afe97661d51f0c634f097327417d7
SHA256

646279a6d09af77e39604ccefcf6021752a6572316a91047f0341f08cd8f4d45
SHA512

7ecd7c881775cfd5907e84cca09b655853ad5b9cd235ca8dca5453c314f57c5489e05d1d943837bb09edc36e25f18da04e0c6378835a6aaf08ffad0eedde0260
SSDEEP

12288:LUuSX0Nt4jQtnLydwoPuP2xGjOTz+AqQGSWvUDeN55:L6XJQdsHmP2gHA+YDeF

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

6674baf9b5ee9baf415ae92ed69b522bf1367cceb60cfd57ae7bc4b8e0677a23.elf

Resource

ubuntu2004-amd64-20240418-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  6674baf9b5ee9baf415ae92ed69b522bf1367cceb60cfd57ae7bc4b8e0677a23.elf
- Size
  
  1.1MB
- MD5
  
  7d1343b3ab670b162fb2ce8854f01167
- SHA1
  
  de95e608dd0e97d5eca90b6b6d747465980d4857
- SHA256
  
  6674baf9b5ee9baf415ae92ed69b522bf1367cceb60cfd57ae7bc4b8e0677a23
- SHA512
  
  22ff942fcaabe8a63919a53bf68642dd45943ef3c24e558b18d51ca5c4c0209be653ec268f9d0f64b5634e9dd3e32f7eacdb746fd2263907c0f8f33d89dd91be
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfawI+gIGYuuCol7r:4vREKfPqVE5jKsfawRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy