mrblack | 89681a305db16332df54709f9adcdf6e95561b658ba4f6a3da2a1026312fb2be | Triage

Sharing

General

Target

e1dc8adf1bf1ebceb2b95c5d4fa02232_JaffaCakes118
Size

1.1MB
Sample

240915-gx4kzazckq
MD5

e1dc8adf1bf1ebceb2b95c5d4fa02232
SHA1

496972d3b4f446ebbce8b3743f3546f14c5fd6cd
SHA256

89681a305db16332df54709f9adcdf6e95561b658ba4f6a3da2a1026312fb2be
SHA512

bd77d2d38725f5eeee3e7df4ee8556e58c785ef99ad728a9928bac1d4dc6d72c0c0d6dc684dcafaf7bc6fadede268d271125c1b06ad2fd6ad75928248a80490d
SSDEEP

24576:4vRE7caCfKGPqVEDNLFxKsfaoI+gIGYuuCol7r:4vREKfPqVE5jKsfaoRHGVo7r

Score

10^/10

mrblack antivm botnet defense_evasion discovery linux persistence trojan

Malware Config

Targets

- Target
  
  e1dc8adf1bf1ebceb2b95c5d4fa02232_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  e1dc8adf1bf1ebceb2b95c5d4fa02232
- SHA1
  
  496972d3b4f446ebbce8b3743f3546f14c5fd6cd
- SHA256
  
  89681a305db16332df54709f9adcdf6e95561b658ba4f6a3da2a1026312fb2be
- SHA512
  
  bd77d2d38725f5eeee3e7df4ee8556e58c785ef99ad728a9928bac1d4dc6d72c0c0d6dc684dcafaf7bc6fadede268d271125c1b06ad2fd6ad75928248a80490d
- SSDEEP
  
  24576:4vRE7caCfKGPqVEDNLFxKsfaoI+gIGYuuCol7r:4vREKfPqVE5jKsfaoRHGVo7r
Score

10^/10

mrblack antivm botnet defense_evasion discovery persistence trojan
- MrBlack Trojan
  IoT botnet which infects routers to be used for DDoS attacks.
  trojan botnet mrblack
- MrBlack trojan
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
  defense_evasion
- Executes dropped EXE
- Modifies init.d
  Adds/modifies system service, likely for persistence.
  persistence
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
  discovery
- Write file to user bin folder
  persistence
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Privilege Escalation

Boot or Logon Autostart Execution

Boot or Logon Initialization Scripts

RC Scripts

Defense Evasion

File and Directory Permissions Modification

Linux and Mac File and Directory Permissions Modification

Virtualization/Sandbox Evasion

System Checks

Credential Access

Discovery

System Network Configuration Discovery

Internet Connection Discovery

Virtualization/Sandbox Evasion

System Checks

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

mrblackantivmbotnetdefense_evasiondiscoverypersistencetrojan