mrblack | feae327b591a0bfda987bfd51c03d7ffe2d2f2a5e1c4746f84ab5c56e26cfb34 | Triage

Submit
Reports

Overview

overview

Static

static

1667e92adf...kes118

ubuntu-22.04-amd64

Sharing

General

Target

1667e92adf34ba91e26b75d8faf7c934_JaffaCakes118
Size

1.1MB
Sample

240728-nctctsvckq
MD5

1667e92adf34ba91e26b75d8faf7c934
SHA1

d9795a5894f120aa45f808c640d854a3743a858b
SHA256

feae327b591a0bfda987bfd51c03d7ffe2d2f2a5e1c4746f84ab5c56e26cfb34
SHA512

9637815d7d5a6800686cccefbca0a3e9b167f20453ee8fc648a729c545298f01543cd47b8696cb28d729701ffd2fd261e85ab92299a15ba6691c4eeda9e50792
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfalI+gIGYuuCol7r:4vREKfPqVE5jKsfalRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

1667e92adf34ba91e26b75d8faf7c934_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  1667e92adf34ba91e26b75d8faf7c934_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  1667e92adf34ba91e26b75d8faf7c934
- SHA1
  
  d9795a5894f120aa45f808c640d854a3743a858b
- SHA256
  
  feae327b591a0bfda987bfd51c03d7ffe2d2f2a5e1c4746f84ab5c56e26cfb34
- SHA512
  
  9637815d7d5a6800686cccefbca0a3e9b167f20453ee8fc648a729c545298f01543cd47b8696cb28d729701ffd2fd261e85ab92299a15ba6691c4eeda9e50792
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfalI+gIGYuuCol7r:4vREKfPqVE5jKsfalRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy