mrblack | 8cf917f730b3432a1d238a44943f520142f52ac07494460aec3008a7e954dfbb | Triage

Submit
Reports

Overview

overview

Static

static

9df1353dbf...kes118

ubuntu-18.04-amd64

Sharing

General

Target

9df1353dbf715d5c4f580549d520fc5a_JaffaCakes118
Size

1.1MB
Sample

240816-l549payelg
MD5

9df1353dbf715d5c4f580549d520fc5a
SHA1

55df8257d85a8db943d20e6753b02e53b557b9e8
SHA256

8cf917f730b3432a1d238a44943f520142f52ac07494460aec3008a7e954dfbb
SHA512

7ed70bb6e6f04527ea73f50754356d57656209047eaae4c3f5290bb81c0a0654d1feb09f1971704eed41b074bb214c10d2407094d0e266256d70f6e418b39e15
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaGI+gIGYuuCol7r:4vREKfPqVE5jKsfaGRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9df1353dbf715d5c4f580549d520fc5a_JaffaCakes118

Resource

ubuntu1804-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-18.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  9df1353dbf715d5c4f580549d520fc5a_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  9df1353dbf715d5c4f580549d520fc5a
- SHA1
  
  55df8257d85a8db943d20e6753b02e53b557b9e8
- SHA256
  
  8cf917f730b3432a1d238a44943f520142f52ac07494460aec3008a7e954dfbb
- SHA512
  
  7ed70bb6e6f04527ea73f50754356d57656209047eaae4c3f5290bb81c0a0654d1feb09f1971704eed41b074bb214c10d2407094d0e266256d70f6e418b39e15
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaGI+gIGYuuCol7r:4vREKfPqVE5jKsfaGRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy