General
Target: Mozi.m
Size: 300KB
Sample: 210529-a9xs3eb41e
MD5: ca59062514850185df19a37b6011fc1a
SHA1: 8a795a67ff333bed5a62dc632c551220bde5c756
SHA256: 195339746b4509f1e0c43141e129c08c0a2d27ea4b0a5e184513fe4cacae795e
SHA512: 181c7eac6a6df459836aa2da854a918f509f7fbf6af91e6aa2ce17a33e0f839a435cbe02b42a4b8ea3098bf8c4bc3f8137ac32a68153757d8efb94e2fec0b660
Static task: static1
Behavioral task: behavioral1
Sample: Mozi.m
Resource: debian9-mipsbe
Malware Config
Targets
Target: Mozi.m
Score: 9/10

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder

Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Reads system routing table
Gets active network interfaces from /proc virtual filesystem.

Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.