mrblack | 913b27ed6c2bb0f654cfbc8d8dadbf3b187ca4916a56d6397808f1582b826ef4 | Triage

Submit
Reports

Overview

overview

Static

static

27201c2352...kes118

ubuntu-22.04-amd64

Sharing

General

Target

27201c2352dc520fea6cd5d52680cb62_JaffaCakes118
Size

1.5MB
Sample

240728-14f8sssbjc
MD5

27201c2352dc520fea6cd5d52680cb62
SHA1

7a8b40a3750419a2dfa0e86b9dc9f42cace11ebd
SHA256

913b27ed6c2bb0f654cfbc8d8dadbf3b187ca4916a56d6397808f1582b826ef4
SHA512

256688e4ed7aa985b5e868773add6bba2a09ec5cfa883a02287cbd5865b041bc2a984e1b3fd43f81148fb0a89144dc3cfa5969fc3b7da169d28085903586eb5a
SSDEEP

49152:2nilOolLbt1laIunbZsehknS55555555555555555555555555555555555k55w1:yeOolLbt1laIunlsehHNtYi7COEm

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

27201c2352dc520fea6cd5d52680cb62_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  27201c2352dc520fea6cd5d52680cb62_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  27201c2352dc520fea6cd5d52680cb62
- SHA1
  
  7a8b40a3750419a2dfa0e86b9dc9f42cace11ebd
- SHA256
  
  913b27ed6c2bb0f654cfbc8d8dadbf3b187ca4916a56d6397808f1582b826ef4
- SHA512
  
  256688e4ed7aa985b5e868773add6bba2a09ec5cfa883a02287cbd5865b041bc2a984e1b3fd43f81148fb0a89144dc3cfa5969fc3b7da169d28085903586eb5a
- SSDEEP
  
  49152:2nilOolLbt1laIunbZsehknS55555555555555555555555555555555555k55w1:yeOolLbt1laIunlsehHNtYi7COEm
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy