Mozi.m

General
Target

Mozi.m

Size

300KB

Sample

210624-777p27gt9e

Score

9/10

MD5

04a77bca121eb725baf1f1556f192938

SHA1

5c9110611a4f024be1e1bb9cfe3061c32ecc52f1

SHA256

5063b629c039f293adc7c0d153d1dafb227b18f94e3e73f294f1f6f9abafd1b8

SHA512

992f1f0dd6584cec4334101d93a32e81bf778f2b0c93b2aebb9be9fd90e15b384434a5cdbdd776b8b42c2c9a6c056ed66ba15bb032429dda7eed613206ad423a

Signatures

  • Modifies the Watchdog daemon

    Description: Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

  • Writes file to system bin folder

  • Modifies hosts file

    Description: Adds to hosts file used for mapping hosts to IP addresses.

  • Enumerates active TCP sockets

    Description: Gets active TCP sockets from /proc virtual filesystem.

    TTPs: System Network Connections Discovery

  • Reads system routing table

    Description: Gets active network interfaces from /proc virtual filesystem.

    TTPs: System Network Configuration Discovery

  • Reads system network configuration

    Description: Uses contents of /proc filesystem to enumerate network settings.

    TTPs: System Network Configuration Discovery

  • Reads runtime system information

    Description: Reads data from /proc virtual filesystem.

  • Writes file to tmp directory

    Description: Malware often drops required files in the /tmp directory.

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

8/10

behavioral1

1/10

behavioral2

1/10

behavioral3

9/10