mrblack | 055bd8cac1770e233c499f854522f74ce022cfce4174e4612c0e37b459a3aa04 | Triage

Submit
Reports

Overview

overview

Static

static

b562aa301c...kes118

ubuntu-20.04-amd64

Sharing

General

Target

b562aa301cf2bb74c5c2b83b9b1956ee_JaffaCakes118
Size

1.5MB
Sample

240821-2xm87svfmc
MD5

b562aa301cf2bb74c5c2b83b9b1956ee
SHA1

801b06907cfcb19b97a9b65d9e486be80852e923
SHA256

055bd8cac1770e233c499f854522f74ce022cfce4174e4612c0e37b459a3aa04
SHA512

fbb76d0716f96e9913c016296f46a879fcb4c8876ec172b26f6f000b35f54cae8523b2da3764ae58b6db5d5e8e86a56404affd9c68978f443b08ead6be0fc2b0
SSDEEP

24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMDnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMDnLmB

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b562aa301cf2bb74c5c2b83b9b1956ee_JaffaCakes118

Resource

ubuntu2004-amd64-20240508-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b562aa301cf2bb74c5c2b83b9b1956ee_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  b562aa301cf2bb74c5c2b83b9b1956ee
- SHA1
  
  801b06907cfcb19b97a9b65d9e486be80852e923
- SHA256
  
  055bd8cac1770e233c499f854522f74ce022cfce4174e4612c0e37b459a3aa04
- SHA512
  
  fbb76d0716f96e9913c016296f46a879fcb4c8876ec172b26f6f000b35f54cae8523b2da3764ae58b6db5d5e8e86a56404affd9c68978f443b08ead6be0fc2b0
- SSDEEP
  
  24576:GA46TrzJBisiOvhlOHdSbQmHyJgf/kgX0Exb2cyaGpIoiMDnnLmYXqSYKKZdTrnD:zRNi6OHdSbQoyJyXpxb2PaGpXiMDnLmB
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy