Mozi.aqtzxrgid

General
Target

Mozi.aqtzxrgid

Size

106KB

Sample

220425-2k2aasfeg3

Score
9 /10
MD5

4dde761681684d7edad4e5e1ffdb940b

SHA1

2327be693bc11a618c380d7d3abc2382d870d48b

SHA256

d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8

SHA512

91a61c719128f263f9f95736d55895954cc468c74ff469ee061d35ec382c50b9165e9a5427dc46a835dac6ae0e6e1f9819632475f68b98a907b53196bd4eb02a

Malware Config
Targets
Target

Mozi.aqtzxrgid

MD5

4dde761681684d7edad4e5e1ffdb940b

Filesize

106KB

Score
9/10
SHA1

2327be693bc11a618c380d7d3abc2382d870d48b

SHA256

d546509ab6670f9ff31783ed72875dfc0f37fa2b666bd5870eecaaed2ebea4a8

SHA512

91a61c719128f263f9f95736d55895954cc468c74ff469ee061d35ec382c50b9165e9a5427dc46a835dac6ae0e6e1f9819632475f68b98a907b53196bd4eb02a

Tags

Signatures

  • Contacts a large (8742) amount of remote hosts

    Description

    This may indicate a network scan to discover remotely running services.

    Tags

    TTPs

    Network Service Scanning

  • Modifies the Watchdog daemon

    Description

    Malware like Mirai modify the Watchdog to prevent it restarting an infected system.

    TTPs

  • Writes file to system bin folder

    TTPs

  • Modifies hosts file

    Description

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration

    Description

    Writes data to DNS resolver config file.

    TTPs

  • Enumerates active TCP sockets

    Description

    Gets active TCP sockets from /proc virtual filesystem.

    TTPs

    System Network Connections Discovery

  • Modifies init.d

    Description

    Adds/modifies system service, likely for persistence.

    Tags

    TTPs

  • Reads system routing table

    Description

    Gets active network interfaces from /proc virtual filesystem.

    TTPs

    System Network Configuration Discovery

  • Creates a large amount of network flows

    Description

    This may indicate a network scan to discover remotely running services.

    Tags

    TTPs

    Network Service Scanning

  • Reads system network configuration

    Description

    Uses contents of /proc filesystem to enumerate network settings.

    TTPs

    System Network Configuration Discovery

  • Writes file to tmp directory

    Description

    Malware often drops required files in the /tmp directory.

Related Tasks

behavioral1
MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation
                        Tasks

                        static1

                        8/10

                        behavioral1

                        9/10