mrblack | f0d5285a28cc66917d219df58a67bada38be871cfee799c3b222d420e7bb4470 | Triage

Submit
Reports

Overview

overview

Static

static

49cdbbd740...kes118

ubuntu-22.04-amd64

Sharing

General

Target

49cdbbd740cba52abddb8f27d1da47b8_JaffaCakes118
Size

1.2MB
Sample

240729-qyyksavepa
MD5

49cdbbd740cba52abddb8f27d1da47b8
SHA1

e5a4b39e6fedf5e2ee0b413d5242f6088ecffcda
SHA256

f0d5285a28cc66917d219df58a67bada38be871cfee799c3b222d420e7bb4470
SHA512

00184b797c4b55c17243bf73cfee8365e4723dcdae4f804198bc1a444d58186252e045d67e5b3cf5415c2ce7fe38e982a80e27dd07c17350dff2e6492d313035
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4/2y1q2rJp0:745vRVJKGtSA0VWeo+u9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

49cdbbd740cba52abddb8f27d1da47b8_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  49cdbbd740cba52abddb8f27d1da47b8_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  49cdbbd740cba52abddb8f27d1da47b8
- SHA1
  
  e5a4b39e6fedf5e2ee0b413d5242f6088ecffcda
- SHA256
  
  f0d5285a28cc66917d219df58a67bada38be871cfee799c3b222d420e7bb4470
- SHA512
  
  00184b797c4b55c17243bf73cfee8365e4723dcdae4f804198bc1a444d58186252e045d67e5b3cf5415c2ce7fe38e982a80e27dd07c17350dff2e6492d313035
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4/2y1q2rJp0:745vRVJKGtSA0VWeo+u9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy