mrblack | 849a234df1b47dd952cb20e7c605861992dd8fc7197516af3d79bf61757a4474 | Triage

Submit
Reports

Overview

overview

Static

static

44332f6df5...kes118

ubuntu-18.04-amd64

Sharing

General

Target

44332f6df559c4fd931408043fbb360e_JaffaCakes118
Size

1.2MB
Sample

240729-ntg15a1dka
MD5

44332f6df559c4fd931408043fbb360e
SHA1

dc224af8a6c0db56537661841b1d0e5935103455
SHA256

849a234df1b47dd952cb20e7c605861992dd8fc7197516af3d79bf61757a4474
SHA512

a8d240f8712ef3d198f68cb5013f1dc61c9b71f43c3039377a5aa84d770513de7e714e46ffb4be2b930c7d3bd8649529ff32236aa0ff21940bfafd47db9b9dee
SSDEEP

24576:e845rlHu6gVJKG75oFpA0VWkX4G2y1q2rJp0:745wRVJKGtSA0VWkoVu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

44332f6df559c4fd931408043fbb360e_JaffaCakes118

Resource

ubuntu1804-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  44332f6df559c4fd931408043fbb360e_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  44332f6df559c4fd931408043fbb360e
- SHA1
  
  dc224af8a6c0db56537661841b1d0e5935103455
- SHA256
  
  849a234df1b47dd952cb20e7c605861992dd8fc7197516af3d79bf61757a4474
- SHA512
  
  a8d240f8712ef3d198f68cb5013f1dc61c9b71f43c3039377a5aa84d770513de7e714e46ffb4be2b930c7d3bd8649529ff32236aa0ff21940bfafd47db9b9dee
- SSDEEP
  
  24576:e845rlHu6gVJKG75oFpA0VWkX4G2y1q2rJp0:745wRVJKGtSA0VWkoVu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy