Overview

overview

9

Static

static

8

Mozi.m

linux_amd64

Mozi.m

linux_mipsel

9

Mozi.m

linux_mips

Analysis

  • max time kernel
    0s
  • max time network
    17s
  • platform
    linux_mipsel
  • resource
    debian9-mipsel
  • submitted
    31-05-2021 06:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mozi.m

  • Size

    134KB

  • MD5

    09e42c4638bf2c4abdbd70d425158dd3

  • SHA1

    1a8a5187ca0da5cf6b47d49b6429b94a1d797d8c

  • SHA256

    6d8c7b672d6e972adc4c68d24b717fe43c3db7e52305c6752879869956ddafa9

  • SHA512

    9f20353dd5d0ed2b3a0478a0dc3c601f60e7e849679bbbbbde3a9008f185551cd7c8a6e8616641acafc58074d19a7e2cf81918c4b1c34e6359fbcabc2fae53ab

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 3 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • ./Mozi.m
    ./Mozi.m
    1⤵
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:313
  • /bin/sh
    sh -c "killall -9 telnetd utelnetd scfgmgr"
    1⤵
      PID:320

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads