Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5550866e5e1fa4166d1355ea1c7db587

  • Size

    44KB

  • Sample

    231219-29bqyaffe5

  • MD5

    5550866e5e1fa4166d1355ea1c7db587

  • SHA1

    e240ab47c174633b0c7dde15e598d94debcd25dc

  • SHA256

    fbee966ac3095c6d829c40d94e494fcbe9bd5d4c7aab8d58e6371e45739bc98b

  • SHA512

    a243f2530907252135fb8d7d19cca02f3ff775e594ac22245438c0c47214ef3792d4ae7473a3b87987c277b405f0a100de69c2d0ea683e30d3394a23177394cc

  • SSDEEP

    768:WqQFxEieXEEbIG4McZyntYJlAwuq3U0Lc1Sez8jy+XI1FmMs:3QFxTeXEs4LMntYvfO82+41QT

Malware Config

Extracted

Family

mirai

Botnet

LAYER

Targets

    • Target

      5550866e5e1fa4166d1355ea1c7db587

    • Size

      44KB

    • MD5

      5550866e5e1fa4166d1355ea1c7db587

    • SHA1

      e240ab47c174633b0c7dde15e598d94debcd25dc

    • SHA256

      fbee966ac3095c6d829c40d94e494fcbe9bd5d4c7aab8d58e6371e45739bc98b

    • SHA512

      a243f2530907252135fb8d7d19cca02f3ff775e594ac22245438c0c47214ef3792d4ae7473a3b87987c277b405f0a100de69c2d0ea683e30d3394a23177394cc

    • SSDEEP

      768:WqQFxEieXEEbIG4McZyntYJlAwuq3U0Lc1Sez8jy+XI1FmMs:3QFxTeXEs4LMntYvfO82+41QT

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20114) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Writes file to system bin folder

MITRE ATT&CK Enterprise v15

Tasks