Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

mirai.x86.elf

ubuntu-18.04-amd64

9

Analysis

  • max time kernel
    146s
  • max time network
    150s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20230621-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20230621-enkernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    30/06/2023, 04:50

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    mirai.x86.elf

  • Size

    68KB

  • MD5

    f1fdf8b488193f82dac74235bd4440a2

  • SHA1

    de9fbce8138dcd03a0142d90ea47220ad27ad531

  • SHA256

    82c2a0083197211652ff2bae93178f180623743413db984620c9cabee7bcb9aa

  • SHA512

    0b6ec45420173658f72795d6a6615632e5395ff35441b7ae9c08e86c3ed75f62dac73e79f250266856885e8b27bc7a70accd3350f5d768062659a4241a4b29ff

  • SSDEEP

    1536:uCaVXjxEZYluXs9xU4l/AAG+TNFKcFnDQWo8bgdXHqMqMZ5gg7Wg8ggggggggggR:7atjx0YluXs9Jo4TNFFnDQW9bgNKMq

Score
9/10
discovery

Malware Config

Signatures

  • Contacts a large (3071) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Changes its process name 1 IoCs
  • Deletes itself 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

Processes

  • /tmp/mirai.x86.elf
    /tmp/mirai.x86.elf
    1⤵
    • Changes its process name
    • Deletes itself
    • Modifies Watchdog functionality
    PID:568

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads