Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    xd.x86.elf

  • Size

    29KB

  • Sample

    230606-hcb6nacc79

  • MD5

    27cdb18684ed957621948517c76d12b4

  • SHA1

    6a1fa30eeb323c224128ad2d70051163349cea59

  • SHA256

    c978005c04128657771c35425d201cd7a1438b7a2e0ab4eb75a2bcc452e78e78

  • SHA512

    0aeae8bd73b9ffab19e0b3221a828c604e4f6deb81cc6b7669a8f5f8823ece81e337199b2ebaf34e57740c3f92a90e6514cad498d8cebce7583f8f8550fed6e2

  • SSDEEP

    768:UN8f6tfoQmQAXV7E1QDvjnVAiSZd8H0GuOZk3WHSwqM:IMJXFl7IQjU6uj6

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      xd.x86.elf

    • Size

      29KB

    • MD5

      27cdb18684ed957621948517c76d12b4

    • SHA1

      6a1fa30eeb323c224128ad2d70051163349cea59

    • SHA256

      c978005c04128657771c35425d201cd7a1438b7a2e0ab4eb75a2bcc452e78e78

    • SHA512

      0aeae8bd73b9ffab19e0b3221a828c604e4f6deb81cc6b7669a8f5f8823ece81e337199b2ebaf34e57740c3f92a90e6514cad498d8cebce7583f8f8550fed6e2

    • SSDEEP

      768:UN8f6tfoQmQAXV7E1QDvjnVAiSZd8H0GuOZk3WHSwqM:IMJXFl7IQjU6uj6

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20130) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v6

Tasks