195339746b4509f1e0c43141e129c08c0a2d27ea4b0a5e184513fe4cacae795e | Triage

Submit
Reports

Overview

overview

9

Static

static

8

Mozi.m

linux_mips

9

Sharing

General

Target

Mozi.m
Size

300KB
Sample

210529-a9xs3eb41e
MD5

ca59062514850185df19a37b6011fc1a
SHA1

8a795a67ff333bed5a62dc632c551220bde5c756
SHA256

195339746b4509f1e0c43141e129c08c0a2d27ea4b0a5e184513fe4cacae795e
SHA512

181c7eac6a6df459836aa2da854a918f509f7fbf6af91e6aa2ce17a33e0f839a435cbe02b42a4b8ea3098bf8c4bc3f8137ac32a68153757d8efb94e2fec0b660

Score

9^/10

linux

Static task

static1

Behavioral task

behavioral1

Sample

Mozi.m

Resource

debian9-mipsbe

linux_mips

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Mozi.m
- Size
  
  300KB
- MD5
  
  ca59062514850185df19a37b6011fc1a
- SHA1
  
  8a795a67ff333bed5a62dc632c551220bde5c756
- SHA256
  
  195339746b4509f1e0c43141e129c08c0a2d27ea4b0a5e184513fe4cacae795e
- SHA512
  
  181c7eac6a6df459836aa2da854a918f509f7fbf6af91e6aa2ce17a33e0f839a435cbe02b42a4b8ea3098bf8c4bc3f8137ac32a68153757d8efb94e2fec0b660
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

© 2018-2024

Terms | Privacy