Overview

overview

9

Static

static

8

Mozi.m

linux_amd64

Mozi.m

linux_mipsel

Mozi.m

linux_mips

9

Analysis

  • max time kernel
    20895s
  • max time network
    59s
  • platform
    linux_mips
  • resource
    debian9-mipsbe
  • submitted
    19-07-2021 12:04

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mozi.m

  • Size

    300KB

  • MD5

    e4c7c13f32e453dc9620e497cde9bc7b

  • SHA1

    d263d6ff5d3d21c584fd3d42848a2e6b142d7180

  • SHA256

    f7a1b45aaf907b258dbefb4603495f2cba60ca2251effc728559709cef7624e2

  • SHA512

    978da0f28e2624c67e9fbfbcf1db879b243e50d58e5ad9ca22405bc324611befba7f0cec969ea8badaacaedc5548ba330aa8b3c964bb3abc993c851491c1a3e0

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 3 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • ./Mozi.m
    ./Mozi.m
    1⤵
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:330
  • /bin/sh
    sh -c "killall -9 telnetd utelnetd scfgmgr"
    1⤵
      PID:333

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads