mrblack | 63ef4ac602d7419817cbc4c645d96bdd1d326f1f33d2ff5425a16695792139b1 | Triage

Submit
Reports

Overview

overview

Static

static

bbb3b0d220...kes118

ubuntu-22.04-amd64

Sharing

General

Target

bbb3b0d220b420d93bc8cb84a8796b99_JaffaCakes118
Size

1.1MB
Sample

240823-pjct4awdlq
MD5

bbb3b0d220b420d93bc8cb84a8796b99
SHA1

3f4fa3db400705580431141c5f5180b4a12b0b54
SHA256

63ef4ac602d7419817cbc4c645d96bdd1d326f1f33d2ff5425a16695792139b1
SHA512

1d1f11c5184bcc54467280e9debea7c4e720931ba335a87b5a3f80a74aa5df3d394e75f6510be60fa87726dd502eb3ddceb3f8f99721eae80cd50ac1f5b8c7da
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfa1I+gIGYuuCol7r:4vREKfPqVE5jKsfa1RHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

bbb3b0d220b420d93bc8cb84a8796b99_JaffaCakes118

Resource

ubuntu2204-amd64-20240729-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  bbb3b0d220b420d93bc8cb84a8796b99_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  bbb3b0d220b420d93bc8cb84a8796b99
- SHA1
  
  3f4fa3db400705580431141c5f5180b4a12b0b54
- SHA256
  
  63ef4ac602d7419817cbc4c645d96bdd1d326f1f33d2ff5425a16695792139b1
- SHA512
  
  1d1f11c5184bcc54467280e9debea7c4e720931ba335a87b5a3f80a74aa5df3d394e75f6510be60fa87726dd502eb3ddceb3f8f99721eae80cd50ac1f5b8c7da
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfa1I+gIGYuuCol7r:4vREKfPqVE5jKsfa1RHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy