General

Target: Mozi.m
Size: 300KB
Sample: 210728-14j33wbsrj
MD5: 8bd7b1349973736dd6c791e26a3df8dd
SHA1: a70233e369f86de9ae903ffc1bc139e78e01a831
SHA256: 88bf694ac4d94d9974a8d54a6bf1bc2a7b97ad6761730d8e8a6072e5c999b02c
SHA512: ef483c1975a6f0b040dfc311eca665de42eee2c2fb24961afc31b95c1f11719c8114d8208676ef307d32574a0aeb4865e4f9496cbc552da52e7535d4a70b4f6d

Static task: static1

Behavioral task: behavioral1
Sample: Mozi.m
Resource: ubuntu-amd64

Behavioral task: behavioral2
Sample: Mozi.m
Resource: debian9-mipsel

Behavioral task: behavioral3
Sample: Mozi.m
Resource: debian9-mipsbe

Malware Config
Targets

Target: Mozi.m
Score: 10/10

suricata: ET MALWARE Mirai Variant User-Agent (Outbound)

Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder

Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Reads system routing table
Gets active network interfaces from /proc virtual filesystem.

Reads system network configuration
Uses contents of /proc filesystem to enumerate network settings.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.