mrblack | 6ebf51d169240f1c233aaf49da07005eca3529ae4c9b19b9de78f906ad7527a6 | Triage

Submit
Reports

Overview

overview

Static

static

3b580fa241...kes118

ubuntu-22.04-amd64

Sharing

General

Target

3b580fa241f0f73f885ad9b364bef5e7_JaffaCakes118
Size

1.1MB
Sample

240729-hlecdaxeml
MD5

3b580fa241f0f73f885ad9b364bef5e7
SHA1

08534ff1a88547dd76c1948257ab7c78c2b7ab7e
SHA256

6ebf51d169240f1c233aaf49da07005eca3529ae4c9b19b9de78f906ad7527a6
SHA512

732b628b52e25eafc4f59b7372b8c9a258366b97d50385e64231a6616a61465581213ee02e9c3ac6284022e589e110dd3e3c16d9dd0572e64430bd9d5acb6477
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfayI+gIGYuuCol7r:4vREKfPqVE5jKsfayRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

3b580fa241f0f73f885ad9b364bef5e7_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  3b580fa241f0f73f885ad9b364bef5e7_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  3b580fa241f0f73f885ad9b364bef5e7
- SHA1
  
  08534ff1a88547dd76c1948257ab7c78c2b7ab7e
- SHA256
  
  6ebf51d169240f1c233aaf49da07005eca3529ae4c9b19b9de78f906ad7527a6
- SHA512
  
  732b628b52e25eafc4f59b7372b8c9a258366b97d50385e64231a6616a61465581213ee02e9c3ac6284022e589e110dd3e3c16d9dd0572e64430bd9d5acb6477
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfayI+gIGYuuCol7r:4vREKfPqVE5jKsfayRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy