6d8c7b672d6e972adc4c68d24b717fe43c3db7e52305c6752879869956ddafa9 | Triage

Submit
Reports

Overview

overview

9

Static

static

8

Mozi.m

linux_amd64

Mozi.m

linux_mipsel

9

Mozi.m

linux_mips

Sharing

General

Target

Mozi.m
Size

134KB
Sample

210531-7pncyskkzs
MD5

09e42c4638bf2c4abdbd70d425158dd3
SHA1

1a8a5187ca0da5cf6b47d49b6429b94a1d797d8c
SHA256

6d8c7b672d6e972adc4c68d24b717fe43c3db7e52305c6752879869956ddafa9
SHA512

9f20353dd5d0ed2b3a0478a0dc3c601f60e7e849679bbbbbde3a9008f185551cd7c8a6e8616641acafc58074d19a7e2cf81918c4b1c34e6359fbcabc2fae53ab

Score

9^/10

linux

Static task

static1

Behavioral task

behavioral1

Sample

Mozi.m

Resource

ubuntu-amd64

linux_amd64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Mozi.m

Resource

debian9-mipsel

linux_mipsel

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Mozi.m

Resource

debian9-mipsbe

linux_mips

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Mozi.m
- Size
  
  134KB
- MD5
  
  09e42c4638bf2c4abdbd70d425158dd3
- SHA1
  
  1a8a5187ca0da5cf6b47d49b6429b94a1d797d8c
- SHA256
  
  6d8c7b672d6e972adc4c68d24b717fe43c3db7e52305c6752879869956ddafa9
- SHA512
  
  9f20353dd5d0ed2b3a0478a0dc3c601f60e7e849679bbbbbde3a9008f185551cd7c8a6e8616641acafc58074d19a7e2cf81918c4b1c34e6359fbcabc2fae53ab
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Hijack Execution Flow

Impair Defenses

Credential Access

Discovery

System Network Configuration Discovery

System Network Connections Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2024

Terms | Privacy