mrblack | 69ab838890b03dc2c53d52bbba8c9e6df91601739ecc52d3be7b387804d1e6a1 | Triage

Submit
Reports

Overview

overview

Static

static

4650f92c66...kes118

ubuntu-22.04-amd64

Sharing

General

Target

4650f92c66faa1db538b46141dd9e782_JaffaCakes118
Size

1.2MB
Sample

240729-pjdfmayanl
MD5

4650f92c66faa1db538b46141dd9e782
SHA1

8a678d6626aa85a1fa0cf4511498ae89e40ca14e
SHA256

69ab838890b03dc2c53d52bbba8c9e6df91601739ecc52d3be7b387804d1e6a1
SHA512

f7979d82713069d4e8555c08ab1eb51a1b67de1c2d5fc3409ed8b7be6e66784408fa70d2f5e2c75330603e01ed2fc9a94707fc37a837b054c0a7d890199499b1
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4I2y1q2rJp0:745vRVJKGtSA0VWeoPu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

4650f92c66faa1db538b46141dd9e782_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  4650f92c66faa1db538b46141dd9e782_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  4650f92c66faa1db538b46141dd9e782
- SHA1
  
  8a678d6626aa85a1fa0cf4511498ae89e40ca14e
- SHA256
  
  69ab838890b03dc2c53d52bbba8c9e6df91601739ecc52d3be7b387804d1e6a1
- SHA512
  
  f7979d82713069d4e8555c08ab1eb51a1b67de1c2d5fc3409ed8b7be6e66784408fa70d2f5e2c75330603e01ed2fc9a94707fc37a837b054c0a7d890199499b1
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4I2y1q2rJp0:745vRVJKGtSA0VWeoPu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy