mrblack | 2f0049a0ad3317c7966984a6399906d1c969f23bbd8de10221230fa7a21bbc4f | Triage

Submit
Reports

Overview

overview

Static

static

397995424f...kes118

ubuntu-22.04-amd64

Sharing

General

Target

397995424fc8cf4fd67173520d8cc0b0_JaffaCakes118
Size

1.2MB
Sample

240729-f1458syfrc
MD5

397995424fc8cf4fd67173520d8cc0b0
SHA1

799b48ff8c917d744d8e713cc2fbb861a55ea074
SHA256

2f0049a0ad3317c7966984a6399906d1c969f23bbd8de10221230fa7a21bbc4f
SHA512

5bc1b6e5253076afe2e23ccd8f648a60a1d8042c326928244b0bfe57a4c78e28f44d08d90ab5b2a85d3943a9893f539f3e876a48410517a658c329bdb5139428
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4O2y1q2rJp0:745vRVJKGtSA0VWeotu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

397995424fc8cf4fd67173520d8cc0b0_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  397995424fc8cf4fd67173520d8cc0b0_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  397995424fc8cf4fd67173520d8cc0b0
- SHA1
  
  799b48ff8c917d744d8e713cc2fbb861a55ea074
- SHA256
  
  2f0049a0ad3317c7966984a6399906d1c969f23bbd8de10221230fa7a21bbc4f
- SHA512
  
  5bc1b6e5253076afe2e23ccd8f648a60a1d8042c326928244b0bfe57a4c78e28f44d08d90ab5b2a85d3943a9893f539f3e876a48410517a658c329bdb5139428
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4O2y1q2rJp0:745vRVJKGtSA0VWeotu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy