mrblack | 9c2ee554f18277a890e14731315d0d7b3e3ab9a9ccda1c8239f51b06b6ffa2cf | Triage

Submit
Reports

Overview

overview

Static

static

54b592c75c...kes118

ubuntu-22.04-amd64

Sharing

General

Target

54b592c75c7131b483383f9651437b15_JaffaCakes118
Size

1.2MB
Sample

240729-vreljsvanh
MD5

54b592c75c7131b483383f9651437b15
SHA1

cdd72e7279341477dc470168edc07466a609ca82
SHA256

9c2ee554f18277a890e14731315d0d7b3e3ab9a9ccda1c8239f51b06b6ffa2cf
SHA512

9923f616efbea658d1d5dfb13993986338755c33b61c6e78c66ac1be635b0c92be040fa94b60ed4abf945f9236312f32dc047f8d9f7a393a7c1a9d60da92b8cf
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4q2y1q2rJp0:745vRVJKGtSA0VWeoJu9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

54b592c75c7131b483383f9651437b15_JaffaCakes118

Resource

ubuntu2204-amd64-20240522.1-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  54b592c75c7131b483383f9651437b15_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  54b592c75c7131b483383f9651437b15
- SHA1
  
  cdd72e7279341477dc470168edc07466a609ca82
- SHA256
  
  9c2ee554f18277a890e14731315d0d7b3e3ab9a9ccda1c8239f51b06b6ffa2cf
- SHA512
  
  9923f616efbea658d1d5dfb13993986338755c33b61c6e78c66ac1be635b0c92be040fa94b60ed4abf945f9236312f32dc047f8d9f7a393a7c1a9d60da92b8cf
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4q2y1q2rJp0:745vRVJKGtSA0VWeoJu9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy