mrblack | 23a91d190440fc1c4a8889e2359d593716497f78b71f421365b9bdd1772abcec | Triage

Submit
Reports

Overview

overview

Static

static

5be363e0fa...kes118

ubuntu-20.04-amd64

Sharing

General

Target

5be363e0faf3e8ecc4bf54ba66ac8f40_JaffaCakes118
Size

1.2MB
Sample

240519-2rz1tafd3v
MD5

5be363e0faf3e8ecc4bf54ba66ac8f40
SHA1

f48521b007c49c7c3fe3424819971912f84bf29c
SHA256

23a91d190440fc1c4a8889e2359d593716497f78b71f421365b9bdd1772abcec
SHA512

23aaf0d86b982980ef17eae171ce6c06bdb667f70c0618caff736e9a38a9905b0a2223821ea14ac1cbd313195df1d0252db85a8f8785d1c0e6f4eea7d63e3c04
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWIX4i2y1q2rJp0:745vRVJKGtSA0VWIoRu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5be363e0faf3e8ecc4bf54ba66ac8f40_JaffaCakes118

Resource

ubuntu2004-amd64-20240508-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  5be363e0faf3e8ecc4bf54ba66ac8f40_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  5be363e0faf3e8ecc4bf54ba66ac8f40
- SHA1
  
  f48521b007c49c7c3fe3424819971912f84bf29c
- SHA256
  
  23a91d190440fc1c4a8889e2359d593716497f78b71f421365b9bdd1772abcec
- SHA512
  
  23aaf0d86b982980ef17eae171ce6c06bdb667f70c0618caff736e9a38a9905b0a2223821ea14ac1cbd313195df1d0252db85a8f8785d1c0e6f4eea7d63e3c04
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWIX4i2y1q2rJp0:745vRVJKGtSA0VWIoRu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy