Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
03416214bb4d403deceada8f355c99ad
-
Size
681KB
-
Sample
231219-2ahefaehdm
-
MD5
03416214bb4d403deceada8f355c99ad
-
SHA1
cfebd85cd321ea5d23dc05bb031fe44c35b79228
-
SHA256
8fbfc326cea95a058927ed63a35ebc64cdd69f6634df6de8cc5ac83d2fa6c9fc
-
SHA512
91f094fbe8fcfd0f885fb422000692ebb68e59522227a063943553e033a4857f05d8d9c7d966ec44e3895b64cca3723f6f79bf2adefb9eb77b612f8f30b94be7
-
SSDEEP
12288:j/2CFWjsBOke2tnT2JlZBQ4R79tAaLDvg4+KPHcq2Zm+FdfPikux+VaXKYyRMoS1:TBOj+JQ
Malware Config
Extracted
mirai
ECHOBOT
Targets
-
-
Target
03416214bb4d403deceada8f355c99ad
-
Size
681KB
-
MD5
03416214bb4d403deceada8f355c99ad
-
SHA1
cfebd85cd321ea5d23dc05bb031fe44c35b79228
-
SHA256
8fbfc326cea95a058927ed63a35ebc64cdd69f6634df6de8cc5ac83d2fa6c9fc
-
SHA512
91f094fbe8fcfd0f885fb422000692ebb68e59522227a063943553e033a4857f05d8d9c7d966ec44e3895b64cca3723f6f79bf2adefb9eb77b612f8f30b94be7
-
SSDEEP
12288:j/2CFWjsBOke2tnT2JlZBQ4R79tAaLDvg4+KPHcq2Zm+FdfPikux+VaXKYyRMoS1:TBOj+JQ
Score9/10-
Contacts a large (57205) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-