mrblack | 46fdad450a9e8552e956850fed6b788b82a8f97a43543e0e6d079f44b2570d27 | Triage

Submit
Reports

Overview

overview

Static

static

37aeb312f9...kes118

ubuntu-18.04-amd64

Sharing

General

Target

37aeb312f99bda9d77797c65efa8235d_JaffaCakes118
Size

1.2MB
Sample

240729-epldbaserp
MD5

37aeb312f99bda9d77797c65efa8235d
SHA1

ae68f9f5de15748ca8946215b67e4d83dbbd7f1a
SHA256

46fdad450a9e8552e956850fed6b788b82a8f97a43543e0e6d079f44b2570d27
SHA512

9f8a1dd5fae8cd17624ef55afd1c5dad6f2c906c98f68aab78c50c024af967bfa9673e798b56bfd825fcbbaf6576d7d65c4f53e91c078a010b1d5b42b4f3e9dc
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWIX4O2y1q2rJp0:745vRVJKGtSA0VWIotu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

37aeb312f99bda9d77797c65efa8235d_JaffaCakes118

Resource

ubuntu1804-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  37aeb312f99bda9d77797c65efa8235d_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  37aeb312f99bda9d77797c65efa8235d
- SHA1
  
  ae68f9f5de15748ca8946215b67e4d83dbbd7f1a
- SHA256
  
  46fdad450a9e8552e956850fed6b788b82a8f97a43543e0e6d079f44b2570d27
- SHA512
  
  9f8a1dd5fae8cd17624ef55afd1c5dad6f2c906c98f68aab78c50c024af967bfa9673e798b56bfd825fcbbaf6576d7d65c4f53e91c078a010b1d5b42b4f3e9dc
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWIX4O2y1q2rJp0:745vRVJKGtSA0VWIotu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy