mrblack | 75a39283e00fdd65813efd892522b77c655b920b32637b0c7106a0340d1a97cf | Triage

Submit
Reports

Overview

overview

Static

static

39a708f099...kes118

ubuntu-20.04-amd64

Sharing

General

Target

39a708f0997751f152ecb7690a77dddd_JaffaCakes118
Size

1.1MB
Sample

240512-mkna4see44
MD5

39a708f0997751f152ecb7690a77dddd
SHA1

8d9b4d82b1cbff29b83c5ad13d64dac197fcf7a5
SHA256

75a39283e00fdd65813efd892522b77c655b920b32637b0c7106a0340d1a97cf
SHA512

75a1d0cc16b2f0023f4c61ed53060fa8c249bbe346a98f3cbdc90e0442172184b48d820866e8223b6be6f23d6d26f4c9435938afa4a88af03e1e71c657f62eef
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaCI+gIGYuuCol7r:4vREKfPqVE5jKsfaCRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

39a708f0997751f152ecb7690a77dddd_JaffaCakes118

Resource

ubuntu2004-amd64-20240508-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  39a708f0997751f152ecb7690a77dddd_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  39a708f0997751f152ecb7690a77dddd
- SHA1
  
  8d9b4d82b1cbff29b83c5ad13d64dac197fcf7a5
- SHA256
  
  75a39283e00fdd65813efd892522b77c655b920b32637b0c7106a0340d1a97cf
- SHA512
  
  75a1d0cc16b2f0023f4c61ed53060fa8c249bbe346a98f3cbdc90e0442172184b48d820866e8223b6be6f23d6d26f4c9435938afa4a88af03e1e71c657f62eef
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaCI+gIGYuuCol7r:4vREKfPqVE5jKsfaCRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy