mrblack | 3e41e4b985ab8bd091888cd43446a4cf36fd87cc5dbf2c437e2b79cfc297b170 | Triage

Submit
Reports

Overview

overview

Static

static

0d7916ed53...kes118

ubuntu-20.04-amd64

Sharing

General

Target

0d7916ed53af023a360cd8b6788b9517_JaffaCakes118
Size

1.2MB
Sample

240728-hnr19axckh
MD5

0d7916ed53af023a360cd8b6788b9517
SHA1

e2673bbd4e9ec794db03c414b113db58c53009fe
SHA256

3e41e4b985ab8bd091888cd43446a4cf36fd87cc5dbf2c437e2b79cfc297b170
SHA512

85dc18b4e86d6131fb896bbac601a20c99cf9c20d706f26586bbb4ddf928a277622632281266e83686d796ac9d375081ce5686246bfae0d15207d022de717194
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWIX4f2y1q2rJp0:745vRVJKGtSA0VWIoeu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0d7916ed53af023a360cd8b6788b9517_JaffaCakes118

Resource

ubuntu2004-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0d7916ed53af023a360cd8b6788b9517_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  0d7916ed53af023a360cd8b6788b9517
- SHA1
  
  e2673bbd4e9ec794db03c414b113db58c53009fe
- SHA256
  
  3e41e4b985ab8bd091888cd43446a4cf36fd87cc5dbf2c437e2b79cfc297b170
- SHA512
  
  85dc18b4e86d6131fb896bbac601a20c99cf9c20d706f26586bbb4ddf928a277622632281266e83686d796ac9d375081ce5686246bfae0d15207d022de717194
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWIX4f2y1q2rJp0:745vRVJKGtSA0VWIoeu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy