mrblack | 393ac47184475af099eafce91d7472ea5af1d74636a992cc08bf40872d22fa4a | Triage

Submit
Reports

Overview

overview

Static

static

b165fc62f6...kes118

ubuntu-22.04-amd64

Sharing

General

Target

b165fc62f6326b18308133acfd228b58_JaffaCakes118
Size

1.5MB
Sample

240821-afbqaszgne
MD5

b165fc62f6326b18308133acfd228b58
SHA1

da26fbdebf2350f1fab998943d45d8e5ae2dabe9
SHA256

393ac47184475af099eafce91d7472ea5af1d74636a992cc08bf40872d22fa4a
SHA512

b7d0a59f1e95d1e37e5925fab7a7ee5666ced7c07303a0ca786012b17d8389f1a04abf1209bd8f9945b61465e47af9c6dc7a9d9137ff271d88ce941d2b747d16
SSDEEP

49152:2nilOolLbt1laIunbZsehk1S55555555555555555555555555555555555k55w1:yeOolLbt1laIunlseh9NtYi7COEm

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b165fc62f6326b18308133acfd228b58_JaffaCakes118

Resource

ubuntu2204-amd64-20240611-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b165fc62f6326b18308133acfd228b58_JaffaCakes118
- Size
  
  1.5MB
- MD5
  
  b165fc62f6326b18308133acfd228b58
- SHA1
  
  da26fbdebf2350f1fab998943d45d8e5ae2dabe9
- SHA256
  
  393ac47184475af099eafce91d7472ea5af1d74636a992cc08bf40872d22fa4a
- SHA512
  
  b7d0a59f1e95d1e37e5925fab7a7ee5666ced7c07303a0ca786012b17d8389f1a04abf1209bd8f9945b61465e47af9c6dc7a9d9137ff271d88ce941d2b747d16
- SSDEEP
  
  49152:2nilOolLbt1laIunbZsehk1S55555555555555555555555555555555555k55w1:yeOolLbt1laIunlseh9NtYi7COEm
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy