mrblack | 4d5ffa44be5a98eb77b2efd1d30d5577d4fd7439e7976cf0840a81b82f5971aa | Triage

Submit
Reports

Overview

overview

Static

static

c67271b0f7...kes118

ubuntu-22.04-amd64

Sharing

General

Target

c67271b0f7ffbc565f7d7ccbee12cbab_JaffaCakes118
Size

1.1MB
Sample

240828-jltbza1hrp
MD5

c67271b0f7ffbc565f7d7ccbee12cbab
SHA1

2a4650b048edfec4a508fe758c3adc7e231bc4e9
SHA256

4d5ffa44be5a98eb77b2efd1d30d5577d4fd7439e7976cf0840a81b82f5971aa
SHA512

7269ace3b783a72e899bfa30b6bf95622cc8e594c4ba2cb24b875be230f15ff33c3ebbddbff49a0812bfbb33594039b4951f577f45b58a94d914a8421ac3886c
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfavI+gIGYuuCol7r:4vREKfPqVE5jKsfavRHGVo7r

Score

10^/10

mrblack antivm botnet linux persistence trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

c67271b0f7ffbc565f7d7ccbee12cbab_JaffaCakes118

Resource

ubuntu2204-amd64-20240611-en

mrblack antivm botnet persistence trojan

ubuntu-22.04-amd64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  c67271b0f7ffbc565f7d7ccbee12cbab_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  c67271b0f7ffbc565f7d7ccbee12cbab
- SHA1
  
  2a4650b048edfec4a508fe758c3adc7e231bc4e9
- SHA256
  
  4d5ffa44be5a98eb77b2efd1d30d5577d4fd7439e7976cf0840a81b82f5971aa
- SHA512
  
  7269ace3b783a72e899bfa30b6bf95622cc8e594c4ba2cb24b875be230f15ff33c3ebbddbff49a0812bfbb33594039b4951f577f45b58a94d914a8421ac3886c
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfavI+gIGYuuCol7r:4vREKfPqVE5jKsfavRHGVo7r
Score

10^/10

mrblack antivm botnet persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Write file to user bin folder
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Hijack Execution Flow

Privilege Escalation

Boot or Logon Autostart Execution

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Virtualization/Sandbox Evasion

Credential Access

Discovery

System Network Configuration Discovery

Virtualization/Sandbox Evasion

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetpersistencetrojan

© 2018-2024

Terms | Privacy