General

  • Target

    jew.x86.elf

  • Size

    53KB

  • Sample

    230806-a6zj2sgg4y

  • MD5

    74a3c7ef9b2ad328a28944c63f083847

  • SHA1

    cb911f32c7b691067830044a23e7144f88cc0c81

  • SHA256

    ddb27286ef835c7995594cbfc9a4d0843887c80627f890494394e797b1faed95

  • SHA512

    919f1cab198dcbe7c8d420448915b3f2cb1ff334d7fa1d842527c7a5b775a4ede1cd87285633086a2d5e3f9b8472aca1cf8251e448c42bed590a6f4c5593c566

  • SSDEEP

    1536:BAmkKnnAvjccy7ZeDm4EJd+67ZkC2BjWxrXdJKQDf1:ORKnAvjcV7ZIEJdxZkC2tirN3b

Malware Config

Extracted

Family

mirai

Botnet

KURC

Targets

    • Target

      jew.x86.elf

    Score
    9/10
    • Contacts a large (118658) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Writes file to system bin folder
