mrblack | c18ea407518d1556077a6d050a84ab0c4617cc61e813cee4ba1d89255e81f63d | Triage

Submit
Reports

Overview

overview

Static

static

5ac7d41ad6...kes118

ubuntu-18.04-amd64

Sharing

General

Target

5ac7d41ad646c1d305b014ca0ef3a544_JaffaCakes118
Size

1.1MB
Sample

240729-x1a1tszfme
MD5

5ac7d41ad646c1d305b014ca0ef3a544
SHA1

46a8e3e70e0b8e1ac1b70074b502343a4c4dc8b0
SHA256

c18ea407518d1556077a6d050a84ab0c4617cc61e813cee4ba1d89255e81f63d
SHA512

45aa041b21bea8f1ea2a99af19ee8e467deaf2cdbdb857af193e2c07e4fd5fe7d6a2002a5d642073bb231c96cf09dad67b529dd86cbf69252d15c725d70cc5a1
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfazI+gIGYuuCol7r:4vREKfPqVE5jKsfazRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5ac7d41ad646c1d305b014ca0ef3a544_JaffaCakes118

Resource

ubuntu1804-amd64-20240508-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5ac7d41ad646c1d305b014ca0ef3a544_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  5ac7d41ad646c1d305b014ca0ef3a544
- SHA1
  
  46a8e3e70e0b8e1ac1b70074b502343a4c4dc8b0
- SHA256
  
  c18ea407518d1556077a6d050a84ab0c4617cc61e813cee4ba1d89255e81f63d
- SHA512
  
  45aa041b21bea8f1ea2a99af19ee8e467deaf2cdbdb857af193e2c07e4fd5fe7d6a2002a5d642073bb231c96cf09dad67b529dd86cbf69252d15c725d70cc5a1
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfazI+gIGYuuCol7r:4vREKfPqVE5jKsfazRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy