mrblack | 7065f1404e0801ddd1f76833375da84e51445b243e33ecedc55b15f3a019a7cd | Triage

Submit
Reports

Overview

overview

Static

static

446e6bc208...kes118

ubuntu-22.04-amd64

Sharing

General

Target

446e6bc2085d98e525e4ab48efde5910_JaffaCakes118
Size

1.2MB
Sample

240729-nw2hjs1drb
MD5

446e6bc2085d98e525e4ab48efde5910
SHA1

3f1fad783f3f5ba60752ff69460e36f6e19c3bc8
SHA256

7065f1404e0801ddd1f76833375da84e51445b243e33ecedc55b15f3a019a7cd
SHA512

f9b252bbda2b1dc2737313975d1e4ad501365ad318bd472db2b9c8729a58382c958a0347e3372cd2c686b527e779971a93641d4dc93c35a3a939909731f6e453
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWIX4q2y1q2rJp0:745vRVJKGtSA0VWIoJu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

446e6bc2085d98e525e4ab48efde5910_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  446e6bc2085d98e525e4ab48efde5910_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  446e6bc2085d98e525e4ab48efde5910
- SHA1
  
  3f1fad783f3f5ba60752ff69460e36f6e19c3bc8
- SHA256
  
  7065f1404e0801ddd1f76833375da84e51445b243e33ecedc55b15f3a019a7cd
- SHA512
  
  f9b252bbda2b1dc2737313975d1e4ad501365ad318bd472db2b9c8729a58382c958a0347e3372cd2c686b527e779971a93641d4dc93c35a3a939909731f6e453
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWIX4q2y1q2rJp0:745vRVJKGtSA0VWIoJu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy