Overview

overview

9

Static

static

8

Mozi.m

linux_amd64

Mozi.m

linux_mipsel

Mozi.m

linux_mips

9

Analysis

  • max time kernel
    0s
  • max time network
    13s
  • platform
    linux_mips
  • resource
    debian9-mipsbe
  • submitted
    30/07/2021, 10:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Mozi.m

  • Size

    300KB

  • MD5

    129b68c2c0cb414a4067177963d24375

  • SHA1

    f7fac891f129251d35b1f6cc5b87324087bbb351

  • SHA256

    dea6d3eb289afa011e3dcbaaea9a00a6f90bdfc061447a741f10b863df0d9bab

  • SHA512

    877821748fed32db36299d4009518eb9a12057510b8601133e8fe954d88a8a068f3d7be767e2fd1b364dbe59ec0d97d7d067a0064006f36030216c3802c7eb88

Score
9/10

Malware Config

Signatures

  • Modifies the Watchdog daemon 1 TTPs

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 1 TTPs 2 IoCs
  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system routing table 1 TTPs 1 IoCs

    Gets active network interfaces from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 3 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • ./Mozi.m
    ./Mozi.m
    1⤵
    • Enumerates active TCP sockets
    • Reads system network configuration
    • Reads runtime system information
    PID:327
  • /bin/sh
    sh -c "killall -9 telnetd utelnetd scfgmgr"
    1⤵
      PID:330

    Network

    MITRE ATT&CK Enterprise v6

    Replay Monitor

    Loading Replay Monitor...

    Downloads