Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    1c060063aa33aff7d5be3b2fadbbea44

  • Size

    28KB

  • Sample

    231219-2k589aahgm

  • MD5

    1c060063aa33aff7d5be3b2fadbbea44

  • SHA1

    c43608e0f89433856965b1911c8ab3784bb560e4

  • SHA256

    532e772150be62bac0323e703fcdb318395253449f20d60aa949f0d14673bf1b

  • SHA512

    382b97bae6a4f0ce903d7e674b286f7bb7e4513599752333bef653b679d9fddb175191e8eeaafefc3e2bd9aad3cdad64335e33545f5ba92dad72d1bdc0622676

  • SSDEEP

    768:pojR+gTBF3eCOw1eiPOFhIHhhqq4PSlWMKl:AR1F3UiP+uvqq4PSk

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      1c060063aa33aff7d5be3b2fadbbea44

    • Size

      28KB

    • MD5

      1c060063aa33aff7d5be3b2fadbbea44

    • SHA1

      c43608e0f89433856965b1911c8ab3784bb560e4

    • SHA256

      532e772150be62bac0323e703fcdb318395253449f20d60aa949f0d14673bf1b

    • SHA512

      382b97bae6a4f0ce903d7e674b286f7bb7e4513599752333bef653b679d9fddb175191e8eeaafefc3e2bd9aad3cdad64335e33545f5ba92dad72d1bdc0622676

    • SSDEEP

      768:pojR+gTBF3eCOw1eiPOFhIHhhqq4PSlWMKl:AR1F3UiP+uvqq4PSk

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (13165) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks