mrblack | 5ed4f4153647ba4ba860a06b80748786524a6c923f7323fac9e0033faa673682 | Triage

Submit
Reports

Overview

overview

Static

static

5fb3a167cd...kes118

ubuntu-22.04-amd64

Sharing

General

Target

5fb3a167cd8e1d7bf2fa5aba1885d6fe_JaffaCakes118
Size

1.1MB
Sample

240729-zrp5hazelp
MD5

5fb3a167cd8e1d7bf2fa5aba1885d6fe
SHA1

f41e8f5d9bf939d06ce68e0178200af96ec0752b
SHA256

5ed4f4153647ba4ba860a06b80748786524a6c923f7323fac9e0033faa673682
SHA512

21767a0fdf7953d9ffc592cee989cf0796bb31fc2916dd3c0de8eaa62c5a1a61a9fcaffa1fa9134d6918a139ec5f69634c394752024d1371a5fb35fae1aed294
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfajI+gIGYuuCol7r:4vREKfPqVE5jKsfajRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

5fb3a167cd8e1d7bf2fa5aba1885d6fe_JaffaCakes118

Resource

ubuntu2204-amd64-20240611-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  5fb3a167cd8e1d7bf2fa5aba1885d6fe_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  5fb3a167cd8e1d7bf2fa5aba1885d6fe
- SHA1
  
  f41e8f5d9bf939d06ce68e0178200af96ec0752b
- SHA256
  
  5ed4f4153647ba4ba860a06b80748786524a6c923f7323fac9e0033faa673682
- SHA512
  
  21767a0fdf7953d9ffc592cee989cf0796bb31fc2916dd3c0de8eaa62c5a1a61a9fcaffa1fa9134d6918a139ec5f69634c394752024d1371a5fb35fae1aed294
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfajI+gIGYuuCol7r:4vREKfPqVE5jKsfajRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy