General
Target: Mozi.m
Size: 300KB
Sample: 210722-2jsm8ylkza
MD5: 24088d9e6e23acdac830af0505ecb228
SHA1: cd9b3b66b6eee09b2cbb03cc09f660e1109fb11d
SHA256: 23e9cba48eabb462c299778346f997eb4acb522f5ffe599d0cd5b8ed691491ec
SHA512: 17a6e47365a249893f9abaab7bc7e9c4d81aba66c878880ea3aa2ab636b5dc5cd021c454544ddf36e1f470b5d576891fd838d566e7f465a8ad6256b87ebf5e40
Static task: static1
Behavioral task: behavioral1 (Sample: Mozi.m, Resource: ubuntu-amd64)
Behavioral task: behavioral2 (Sample: Mozi.m, Resource: debian9-mipsel)
Behavioral task: behavioral3 (Sample: Mozi.m, Resource: debian9-mipsbe)
Malware Config
Targets
Target: Mozi.m
Score: 9/10

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder

Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Reads system routing table
Gets active network interfaces from /proc virtual filesystem.

Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.