mrblack | 08d910fbe0c24f0e12a186a013129ecb07e907ae3331a8d069545e97d3f80c11 | Triage

Submit
Reports

Overview

overview

Static

static

0e05896b10...kes118

ubuntu-18.04-amd64

Sharing

General

Target

0e05896b109cab25b5dd680cbf416015_JaffaCakes118
Size

1.1MB
Sample

240728-hznszavamm
MD5

0e05896b109cab25b5dd680cbf416015
SHA1

1819164e6668fe23fe32f71a3d255e6c1189ca5e
SHA256

08d910fbe0c24f0e12a186a013129ecb07e907ae3331a8d069545e97d3f80c11
SHA512

29826f90d653e6cec31bbe844847d6bad6f16ec1b447b417c3e42d7deec4467df303457a82332c37ff70f2c1698629246fd182eb6c5fb3d9dae1c45d093633f2
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaUI+gIGYuuCol7r:4vREKfPqVE5jKsfaURHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

0e05896b109cab25b5dd680cbf416015_JaffaCakes118

Resource

ubuntu1804-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  0e05896b109cab25b5dd680cbf416015_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  0e05896b109cab25b5dd680cbf416015
- SHA1
  
  1819164e6668fe23fe32f71a3d255e6c1189ca5e
- SHA256
  
  08d910fbe0c24f0e12a186a013129ecb07e907ae3331a8d069545e97d3f80c11
- SHA512
  
  29826f90d653e6cec31bbe844847d6bad6f16ec1b447b417c3e42d7deec4467df303457a82332c37ff70f2c1698629246fd182eb6c5fb3d9dae1c45d093633f2
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaUI+gIGYuuCol7r:4vREKfPqVE5jKsfaURHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy