23e9cba48eabb462c299778346f997eb4acb522f5ffe599d0cd5b8ed691491ec | Triage

Submit
Reports

Overview

overview

9

Static

static

8

Mozi.m

linux_amd64

Mozi.m

linux_mipsel

Mozi.m

linux_mips

9

Sharing

General

Target

Mozi.m
Size

300KB
Sample

210722-2jsm8ylkza
MD5

24088d9e6e23acdac830af0505ecb228
SHA1

cd9b3b66b6eee09b2cbb03cc09f660e1109fb11d
SHA256

23e9cba48eabb462c299778346f997eb4acb522f5ffe599d0cd5b8ed691491ec
SHA512

17a6e47365a249893f9abaab7bc7e9c4d81aba66c878880ea3aa2ab636b5dc5cd021c454544ddf36e1f470b5d576891fd838d566e7f465a8ad6256b87ebf5e40

Score

9^/10

linux

Static task

static1

Behavioral task

behavioral1

Sample

Mozi.m

Resource

ubuntu-amd64

linux_amd64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Mozi.m

Resource

debian9-mipsel

linux_mipsel

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Mozi.m

Resource

debian9-mipsbe

linux_mips

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Mozi.m
- Size
  
  300KB
- MD5
  
  24088d9e6e23acdac830af0505ecb228
- SHA1
  
  cd9b3b66b6eee09b2cbb03cc09f660e1109fb11d
- SHA256
  
  23e9cba48eabb462c299778346f997eb4acb522f5ffe599d0cd5b8ed691491ec
- SHA512
  
  17a6e47365a249893f9abaab7bc7e9c4d81aba66c878880ea3aa2ab636b5dc5cd021c454544ddf36e1f470b5d576891fd838d566e7f465a8ad6256b87ebf5e40
Score

9^/10
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2024

Terms | Privacy