mrblack | 7b9adbfa310a061e4d4becad8fb32260da09563bf0b1477267329a131c5b48c8 | Triage

Submit
Reports

Overview

overview

Static

static

b75b098776...kes118

ubuntu-20.04-amd64

Sharing

General

Target

b75b09877672a416a18a65de4183c2a1_JaffaCakes118
Size

1.1MB
Sample

240822-myeacssgra
MD5

b75b09877672a416a18a65de4183c2a1
SHA1

165c14b37464e5212b4e580804198c7c7c603041
SHA256

7b9adbfa310a061e4d4becad8fb32260da09563bf0b1477267329a131c5b48c8
SHA512

75886f0807a4da826ab4dfd43d19b315c3628056292b89a6f62290a78937bb371864eafccdf98009f19f49c1664bdfdf412a6c52f2066dc8493eb76e4a5d186a
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfa5I+gIGYuuCol7r:4vREKfPqVE5jKsfa5RHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

b75b09877672a416a18a65de4183c2a1_JaffaCakes118

Resource

ubuntu2004-amd64-20240611-en

mrblack antivm botnet persistence trojan

ubuntu-20.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  b75b09877672a416a18a65de4183c2a1_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  b75b09877672a416a18a65de4183c2a1
- SHA1
  
  165c14b37464e5212b4e580804198c7c7c603041
- SHA256
  
  7b9adbfa310a061e4d4becad8fb32260da09563bf0b1477267329a131c5b48c8
- SHA512
  
  75886f0807a4da826ab4dfd43d19b315c3628056292b89a6f62290a78937bb371864eafccdf98009f19f49c1664bdfdf412a6c52f2066dc8493eb76e4a5d186a
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfa5I+gIGYuuCol7r:4vREKfPqVE5jKsfa5RHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2025

Terms | Privacy