mrblack | 544d2f9e21eb2892b5d2bd0135cb2b7a7e9d35983eed1ecbf45e71e89f4fb0a7 | Triage

Submit
Reports

Overview

overview

Static

static

99dd485841...kes118

ubuntu-18.04-amd64

Sharing

General

Target

99dd48584152704db970a7b536c47bd5_JaffaCakes118
Size

1.2MB
Sample

240815-l9mkfaxgme
MD5

99dd48584152704db970a7b536c47bd5
SHA1

eac36532779460580cd80e8f3d22e324bae71494
SHA256

544d2f9e21eb2892b5d2bd0135cb2b7a7e9d35983eed1ecbf45e71e89f4fb0a7
SHA512

34bcb7f4bbc1cb74f0ef6f6d8c04c12987d0d5756cf148cb79f7448891fc46c37d08a816ebb9e4fda3dc62befafc42aadd863956699cd2c82a35279e0bd94025
SSDEEP

24576:e845rGHu6gVJKG75oFpA0VWeX4/2y1q2rJp0:745vRVJKGtSA0VWeo+u9p0

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

99dd48584152704db970a7b536c47bd5_JaffaCakes118

Resource

ubuntu1804-amd64-20240611-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  99dd48584152704db970a7b536c47bd5_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  99dd48584152704db970a7b536c47bd5
- SHA1
  
  eac36532779460580cd80e8f3d22e324bae71494
- SHA256
  
  544d2f9e21eb2892b5d2bd0135cb2b7a7e9d35983eed1ecbf45e71e89f4fb0a7
- SHA512
  
  34bcb7f4bbc1cb74f0ef6f6d8c04c12987d0d5756cf148cb79f7448891fc46c37d08a816ebb9e4fda3dc62befafc42aadd863956699cd2c82a35279e0bd94025
- SSDEEP
  
  24576:e845rGHu6gVJKG75oFpA0VWeX4/2y1q2rJp0:745vRVJKGtSA0VWeo+u9p0
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy