mrblack | ea096e487a5853558cc9f00936a167a915e97375c4892fe8111252da61d7cfbf | Triage

Sharing

General

Target

df76bc434765108eecd8cbfb6a8bde76_JaffaCakes118
Size

1.1MB
Sample

240914-erf7dawhjc
MD5

df76bc434765108eecd8cbfb6a8bde76
SHA1

566a6dd2fd0b0352b7b0867ac72817f9a66fda1c
SHA256

ea096e487a5853558cc9f00936a167a915e97375c4892fe8111252da61d7cfbf
SHA512

8e809ab6686de36c0d670aa5217f346377e4074dc49cb802702ab643fba20b325bc65da0961be6e4b98a237f84f59074953b1b34f7fc60bf0db391661803158d
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfadI+gIGYuuCol7r:4vREKfPqVE5jKsfadRHGVo7r

Score

10^/10

mrblack antivm botnet discovery linux persistence trojan

Malware Config

Targets

- Target
  
  df76bc434765108eecd8cbfb6a8bde76_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  df76bc434765108eecd8cbfb6a8bde76
- SHA1
  
  566a6dd2fd0b0352b7b0867ac72817f9a66fda1c
- SHA256
  
  ea096e487a5853558cc9f00936a167a915e97375c4892fe8111252da61d7cfbf
- SHA512
  
  8e809ab6686de36c0d670aa5217f346377e4074dc49cb802702ab643fba20b325bc65da0961be6e4b98a237f84f59074953b1b34f7fc60bf0db391661803158d
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfadI+gIGYuuCol7r:4vREKfPqVE5jKsfadRHGVo7r
Score

10^/10

mrblack antivm botnet discovery persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Write file to user bin folder
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Privilege Escalation

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Defense Evasion

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetdiscoverypersistencetrojan