88bf694ac4d94d9974a8d54a6bf1bc2a7b97ad6761730d8e8a6072e5c999b02c | Triage

Submit
Reports

Overview

overview

Static

static

8

Mozi.m

linux_amd64

Mozi.m

linux_mipsel

Mozi.m

linux_mips

Sharing

General

Target

Mozi.m
Size

300KB
Sample

210728-14j33wbsrj
MD5

8bd7b1349973736dd6c791e26a3df8dd
SHA1

a70233e369f86de9ae903ffc1bc139e78e01a831
SHA256

88bf694ac4d94d9974a8d54a6bf1bc2a7b97ad6761730d8e8a6072e5c999b02c
SHA512

ef483c1975a6f0b040dfc311eca665de42eee2c2fb24961afc31b95c1f11719c8114d8208676ef307d32574a0aeb4865e4f9496cbc552da52e7535d4a70b4f6d

Score

10^/10

linux suricata

Static task

static1

Behavioral task

behavioral1

Sample

Mozi.m

Resource

ubuntu-amd64

linux_amd64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Mozi.m

Resource

debian9-mipsel

linux_mipsel

0 signatures

0 seconds

Behavioral task

behavioral3

Sample

Mozi.m

Resource

debian9-mipsbe

linux_mips

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Mozi.m
- Size
  
  300KB
- MD5
  
  8bd7b1349973736dd6c791e26a3df8dd
- SHA1
  
  a70233e369f86de9ae903ffc1bc139e78e01a831
- SHA256
  
  88bf694ac4d94d9974a8d54a6bf1bc2a7b97ad6761730d8e8a6072e5c999b02c
- SHA512
  
  ef483c1975a6f0b040dfc311eca665de42eee2c2fb24961afc31b95c1f11719c8114d8208676ef307d32574a0aeb4865e4f9496cbc552da52e7535d4a70b4f6d
Score

10^/10

suricata
- suricata: ET MALWARE Mirai Variant User-Agent (Outbound)
  suricata
- Modifies the Watchdog daemon
  Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
- Modifies hosts file
  Adds to hosts file used for mapping hosts to IP addresses.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.
- Reads system network configuration
  Uses contents of /proc filesystem to enumerate network settings.
- Reads runtime system information
  Reads data from /proc virtual filesystem.
- Writes file to tmp directory
  Malware often drops required files in the /tmp directory.
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

System Network Connections Discovery

System Network Configuration Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

behavioral3

© 2018-2024

Terms | Privacy