Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    mirai.x86.elf

  • Size

    68KB

  • Sample

    230630-fga32sha4z

  • MD5

    f1fdf8b488193f82dac74235bd4440a2

  • SHA1

    de9fbce8138dcd03a0142d90ea47220ad27ad531

  • SHA256

    82c2a0083197211652ff2bae93178f180623743413db984620c9cabee7bcb9aa

  • SHA512

    0b6ec45420173658f72795d6a6615632e5395ff35441b7ae9c08e86c3ed75f62dac73e79f250266856885e8b27bc7a70accd3350f5d768062659a4241a4b29ff

  • SSDEEP

    1536:uCaVXjxEZYluXs9xU4l/AAG+TNFKcFnDQWo8bgdXHqMqMZ5gg7Wg8ggggggggggR:7atjx0YluXs9Jo4TNFFnDQW9bgNKMq

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

ingoditrust.ddns.net

Targets

    • Target

      mirai.x86.elf

    • Size

      68KB

    • MD5

      f1fdf8b488193f82dac74235bd4440a2

    • SHA1

      de9fbce8138dcd03a0142d90ea47220ad27ad531

    • SHA256

      82c2a0083197211652ff2bae93178f180623743413db984620c9cabee7bcb9aa

    • SHA512

      0b6ec45420173658f72795d6a6615632e5395ff35441b7ae9c08e86c3ed75f62dac73e79f250266856885e8b27bc7a70accd3350f5d768062659a4241a4b29ff

    • SSDEEP

      1536:uCaVXjxEZYluXs9xU4l/AAG+TNFKcFnDQWo8bgdXHqMqMZ5gg7Wg8ggggggggggR:7atjx0YluXs9Jo4TNFFnDQW9bgNKMq

    Score
    9/10
    • Contacts a large (3071) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v6

Tasks