General

  • Target: 228fcc00b501ec5a064875d90d2443a5
  • Size: 39KB
  • Sample: 231219-2nlzsacadl
  • MD5: 228fcc00b501ec5a064875d90d2443a5
  • SHA1: 3a9aba9e464dc83df1cc7cf7a961170f65336bde
  • SHA256: 22773d53db5dbec43154b064eff33552a6c7585d73ca6fa38b9b9a9a3758fcc7
  • SHA512: 98852745980e63bd01bf62476726e584e54b741cebac45e74f6bc6dfb8a67ded51d82f2381d441200d8be7ea0560cbcf516b20b1930442febee4b586aa290b5f
  • SSDEEP: 768:LLYswiPo9qP4HpvCsV0vMNZsXdgCiQUrkqpc6wJgGlzDpxYsje:gGyqP4JvCsVVNgdHUjoVrYd

Malware Config

Extracted

  • Family: mirai
  • Botnet: KYTON

Targets

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large number (92204) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Writes file to system bin folder
