General

  • Target

    Mozi.m

  • Size

    300KB

  • Sample

    210719-67n4csvekx

  • MD5

    e4c7c13f32e453dc9620e497cde9bc7b

  • SHA1

    d263d6ff5d3d21c584fd3d42848a2e6b142d7180

  • SHA256

    f7a1b45aaf907b258dbefb4603495f2cba60ca2251effc728559709cef7624e2

  • SHA512

    978da0f28e2624c67e9fbfbcf1db879b243e50d58e5ad9ca22405bc324611befba7f0cec969ea8badaacaedc5548ba330aa8b3c964bb3abc993c851491c1a3e0

Score
9/10

Malware Config

Targets

    • Modifies the Watchdog daemon

      Malware such as Mirai modifies the watchdog daemon to prevent it from restarting an infected system.

    • Writes file to system bin folder

    • Modifies hosts file

      Adds entries to the hosts file, which maps hostnames to IP addresses.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.

    • Reads system routing table

      Gets active network interfaces from the /proc virtual filesystem.

    • Reads system network configuration

      Uses the contents of the /proc filesystem to enumerate network settings.

    • Reads runtime system information

      Reads data from the /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.

MITRE ATT&CK Enterprise v6

Tasks