mrblack | 1ea1b4edcc7e1ba2ba0e549ff3fcdd35efabd69f4e671b905a7d38ec97a7d9d9 | Triage

Submit
Reports

Overview

overview

Static

static

be9e6e33ce...kes118

ubuntu-22.04-amd64

Sharing

General

Target

be9e6e33ce58d7572b0a089a9be20dd0_JaffaCakes118
Size

1.1MB
Sample

240824-pzezdssdmn
MD5

be9e6e33ce58d7572b0a089a9be20dd0
SHA1

5f3788156d48b1e1865a471a9a34019aa63f1a1b
SHA256

1ea1b4edcc7e1ba2ba0e549ff3fcdd35efabd69f4e671b905a7d38ec97a7d9d9
SHA512

8b20ab73a1aa5ad3c1cf09af600e538cfb519a509c599ea76a6b07189d04e679112e2c273ed2e8ae1de677af614c74b4332ab973542e0c6bb8d5b5968aa97b07
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfa4I+gIGYuuCol7r:4vREKfPqVE5jKsfa4RHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

be9e6e33ce58d7572b0a089a9be20dd0_JaffaCakes118

Resource

ubuntu2204-amd64-20240611-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  be9e6e33ce58d7572b0a089a9be20dd0_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  be9e6e33ce58d7572b0a089a9be20dd0
- SHA1
  
  5f3788156d48b1e1865a471a9a34019aa63f1a1b
- SHA256
  
  1ea1b4edcc7e1ba2ba0e549ff3fcdd35efabd69f4e671b905a7d38ec97a7d9d9
- SHA512
  
  8b20ab73a1aa5ad3c1cf09af600e538cfb519a509c599ea76a6b07189d04e679112e2c273ed2e8ae1de677af614c74b4332ab973542e0c6bb8d5b5968aa97b07
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfa4I+gIGYuuCol7r:4vREKfPqVE5jKsfa4RHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy