mrblack | de2a30e3ded0cca2729f82a010ee2359e0d1f64638934a18d53bb5ec08c8e0ab | Triage

Submit
Reports

Overview

overview

Static

static

991c3e0082...kes118

ubuntu-22.04-amd64

Sharing

General

Target

991c3e0082ac7d9b20906da53c143193_JaffaCakes118
Size

1.5MB
Sample

240815-gjwm7sxgkb
MD5

991c3e0082ac7d9b20906da53c143193
SHA1

ef789372f8f74eedf0ae3dfd6b0ca2c8e8d5eb5f
SHA256

de2a30e3ded0cca2729f82a010ee2359e0d1f64638934a18d53bb5ec08c8e0ab
SHA512

59a0843d1e55798b412eb672e05aaa83d2d101fa08ed9d1cdbf84914aada359b1044ffa87670cdbbfd28a694db985b0c6dc7c2d314fb2078e3db83d320ca81a7
SSDEEP

24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMsnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMsnLmB

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

991c3e0082ac7d9b20906da53c143193_JaffaCakes118

Resource

ubuntu2204-amd64-20240611-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

10 signatures

150 seconds

Malware Config

Targets

- Target
  
  991c3e0082ac7d9b20906da53c143193_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  991c3e0082ac7d9b20906da53c143193
- SHA1
  
  ef789372f8f74eedf0ae3dfd6b0ca2c8e8d5eb5f
- SHA256
  
  de2a30e3ded0cca2729f82a010ee2359e0d1f64638934a18d53bb5ec08c8e0ab
- SHA512
  
  59a0843d1e55798b412eb672e05aaa83d2d101fa08ed9d1cdbf84914aada359b1044ffa87670cdbbfd28a694db985b0c6dc7c2d314fb2078e3db83d320ca81a7
- SSDEEP
  
  24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMsnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMsnLmB
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy