General

  • Target

    03416214bb4d403deceada8f355c99ad

  • Size

    681KB

  • Sample

    231219-2ahefaehdm

  • MD5

    03416214bb4d403deceada8f355c99ad

  • SHA1

    cfebd85cd321ea5d23dc05bb031fe44c35b79228

  • SHA256

    8fbfc326cea95a058927ed63a35ebc64cdd69f6634df6de8cc5ac83d2fa6c9fc

  • SHA512

    91f094fbe8fcfd0f885fb422000692ebb68e59522227a063943553e033a4857f05d8d9c7d966ec44e3895b64cca3723f6f79bf2adefb9eb77b612f8f30b94be7

  • SSDEEP

    12288:j/2CFWjsBOke2tnT2JlZBQ4R79tAaLDvg4+KPHcq2Zm+FdfPikux+VaXKYyRMoS1:TBOj+JQ

Malware Config

Extracted

Family

mirai

Botnet

ECHOBOT

Targets

    Score
    9/10
    • Contacts a large (57205) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
