Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    5abd010173344a62edefeb0f90c1f8dc

  • Size

    141KB

  • Sample

    231219-3bb5gsged7

  • MD5

    5abd010173344a62edefeb0f90c1f8dc

  • SHA1

    fa7d7cb573b02e8c05ebfdd12e19a933370a8e94

  • SHA256

    680c4bfce1d363a1427f7dfb7aef05af51b05d97d992022c13b39401bc6ee4c0

  • SHA512

    e2918cfeb3cd6815cd74affcc00cc2a22ed85bc85ca29112eb263b29878a83427d6e86a8c0ab12ec029d14a02ce2fd7d3904499107ae8fdb768d629fdcc87c28

  • SSDEEP

    3072:walgM69pe0QmlTvIUdt9mrsplDKZUQQBKXAVanXX+F8JyvSPhLZ85iBMR6yoC1Qa:walgM69pe0QmlTvI8t9mrsplDKZUQQBr

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

    • Target

      5abd010173344a62edefeb0f90c1f8dc

    • Size

      141KB

    • MD5

      5abd010173344a62edefeb0f90c1f8dc

    • SHA1

      fa7d7cb573b02e8c05ebfdd12e19a933370a8e94

    • SHA256

      680c4bfce1d363a1427f7dfb7aef05af51b05d97d992022c13b39401bc6ee4c0

    • SHA512

      e2918cfeb3cd6815cd74affcc00cc2a22ed85bc85ca29112eb263b29878a83427d6e86a8c0ab12ec029d14a02ce2fd7d3904499107ae8fdb768d629fdcc87c28

    • SSDEEP

      3072:walgM69pe0QmlTvIUdt9mrsplDKZUQQBKXAVanXX+F8JyvSPhLZ85iBMR6yoC1Qa:walgM69pe0QmlTvI8t9mrsplDKZUQQBr

    Score
    9/10
    • Contacts a large (19947) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks