
General

  • Target

    8629dcac030a30891848d1c42d65b7ef

  • Size

    573KB

  • Sample

    231220-fq3jnagah9

  • MD5

    8629dcac030a30891848d1c42d65b7ef

  • SHA1

    e25f950d7deb39639eb39322bed9b1f6e259ff7d

  • SHA256

    79fbccdd13c18356ec8db2de02289fa3dee6b9f8c6ea4576543984439de0eb47

  • SHA512

    ea5cba6f7110e88ad423317f7878eb0515e41d4cedf7a4bae02e7c862abd669539011d3336cdb532f1db33efeea6cc5118d9c3bd0685b3d153143ee19055c0c7

  • SSDEEP

    12288:KzdIqiPzRCmzDWr2YZRMjE0ez34kLJGRuk6rpKbu72Ogm6YQ2VVwHe876/+ZVUTZ:vzmibKf

Malware Config

Extracted

Family

mirai

Botnet

ECHOBOT

Targets

    • Target

      8629dcac030a30891848d1c42d65b7ef

    • Size

      573KB

    (MD5, SHA1, SHA256, SHA512 and SSDEEP hashes as listed under General above)

    Score: 9/10
    • Contacts a large number (1479737) of remote hosts

      This may indicate a network scan to discover remotely running services. Mirai-family bots scan the Internet for telnet and other exposed services to recruit new devices.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

      Mirai hides itself from ps and top by overwriting argv[0] and calling prctl(PR_SET_NAME) with a random alphanumeric string.

    • Modifies Watchdog functionality

      Malware like Mirai disables the hardware watchdog (via an ioctl on /dev/watchdog) so that it cannot restart an infected device if the bot starves or hangs other processes.

    • Enumerates active TCP sockets

      Reads the active TCP socket table from the /proc virtual filesystem (/proc/net/tcp). Mirai's killer module uses this to find processes bound to telnet, SSH and HTTP ports and terminate them.

    • Enumerates running processes

      Discovers information about currently running processes on the system.
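The two network signatures above ("contacts a large number of remote hosts", "creates a large number of network flows") are a horizontal-scan pattern. The following is an added detection example, not code from the original page or from Mirai: it runs a sliding-window distinct-destination count over constructed flow records (the `Flow` and `ScanFinding` types, the host addresses and the 64-hosts-per-minute threshold are all assumptions made for the example) and flags the source that behaves like a telnet scanner while leaving a normal client and a slow crawler unflagged.

```python
import ipaddress
from collections import Counter, defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    ts: float       # seconds since start of capture
    src: str
    dst: str
    dport: int
    syn_only: bool  # True when the flow never got past the initial SYN


@dataclass(frozen=True)
class ScanFinding:
    src: str
    distinct_hosts: int   # peak distinct destinations inside one window
    top_ports: list       # (port, flow count) pairs, most common first
    syn_only_ratio: float


def detect_scanners(flows, min_hosts=64, window=60.0):
    """Flag sources that reach at least min_hosts distinct destinations
    within any sliding window of `window` seconds (horizontal scan)."""
    by_src = defaultdict(list)
    for f in flows:
        by_src[f.src].append(f)

    findings = []
    for src, fl in by_src.items():
        fl.sort(key=lambda f: f.ts)
        in_window = Counter()   # dst -> flows currently inside the window
        left = 0
        peak = 0
        for f in fl:
            in_window[f.dst] += 1
            # slide the left edge forward until the window is at most `window` seconds wide
            while f.ts - fl[left].ts > window:
                old = fl[left].dst
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= min_hosts:
            ports = Counter(f.dport for f in fl).most_common(3)
            ratio = sum(1 for f in fl if f.syn_only) / len(fl)
            findings.append(ScanFinding(src, peak, ports, ratio))
    return findings


def build_sample_flows():
    """Constructed sample traffic (not from the sandbox run): one telnet
    scanner, one ordinary client and one slow crawler below the threshold."""
    flows = []
    # 10.0.0.5 fires a SYN at 300 hosts in 3 seconds, mostly on 23, some on 2323
    for i in range(300):
        dst = str(ipaddress.IPv4Address("100.64.0.1") + i)
        flows.append(Flow(i * 0.01, "10.0.0.5", dst, 2323 if i % 3 == 0 else 23, True))
    # 10.0.0.7 talks to five web servers and completes each handshake
    for i in range(5):
        flows.append(Flow(float(i), "10.0.0.7", f"192.0.2.{i + 1}", 443, False))
    # 10.0.0.9 touches 70 hosts but only one every 10 seconds
    for i in range(70):
        dst = str(ipaddress.IPv4Address("100.64.1.1") + i)
        flows.append(Flow(i * 10.0, "10.0.0.9", dst, 80, False))
    return flows


if __name__ == "__main__":
    for finding in detect_scanners(build_sample_flows()):
        print(finding)
```

The window matters: the slow crawler reaches 70 hosts in total but never more than 7 inside any 60-second window, so a plain per-host distinct-destination count over the whole capture would produce a false positive that the sliding window avoids. The SYN-only ratio and the port distribution are reported so an analyst can tell a SYN sweep on 23/2323 from, say, a CDN client fanning out to many hosts on 443.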

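The "Enumerates active TCP sockets" signature refers to the bot reading /proc/net/tcp, which is also what an analyst does when triaging a suspected IoT infection. The following is an added example, not code from the original page or from Mirai: it parses the /proc/net/tcp table format (hex little-endian IPv4 address, hex port, hex state code, inode column), lists sockets in LISTEN state on the telnet/SSH/HTTP ports Mirai's killer targets, and maps each socket inode back to the owning pid from a snapshot of /proc/<pid>/fd symlink targets. The sample table and fd snapshot are constructed for the example; the `TcpSocket` type and the `KILLER_PORTS` set are assumptions made here.

```python
import socket
import struct
from dataclasses import dataclass

# Numeric state codes used by /proc/net/tcp (see include/net/tcp_states.h)
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Ports the public Mirai killer module looks for (telnet, ssh, http); assumption
# for this example, the sample's own killer configuration is not on the page
KILLER_PORTS = {23, 22, 80}


@dataclass(frozen=True)
class TcpSocket:
    local_ip: str
    local_port: int
    remote_ip: str
    remote_port: int
    state: str
    uid: int
    inode: int


def _decode_addr(field):
    """'0100007F:0CEA' -> ('127.0.0.1', 3306). The kernel prints the IPv4
    address as a 32-bit hex value in host byte order (little-endian on x86/ARM)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse the text of /proc/net/tcp into TcpSocket records."""
    sockets = []
    for line in text.splitlines()[1:]:  # first line is the column header
        fields = line.split()
        if len(fields) < 10:
            continue
        lip, lport = _decode_addr(fields[1])
        rip, rport = _decode_addr(fields[2])
        state = TCP_STATES.get(fields[3], fields[3])
        sockets.append(TcpSocket(lip, lport, rip, rport, state, int(fields[7]), int(fields[9])))
    return sockets


def listening_on(sockets, ports):
    """Sockets in LISTEN state bound to one of `ports`."""
    return [s for s in sockets if s.state == "LISTEN" and s.local_port in ports]


def socket_owners(sockets, fd_table):
    """Map socket inode -> pid from a {pid: [readlink targets]} snapshot of
    /proc/<pid>/fd. The snapshot is constructed here; on a live host build it
    with os.listdir('/proc') and os.readlink('/proc/<pid>/fd/<n>')."""
    wanted = {s.inode for s in sockets}
    owners = {}
    for pid, links in fd_table.items():
        for target in links:
            if target.startswith("socket:[") and target.endswith("]"):
                inode = int(target[8:-1])
                if inode in wanted:
                    owners[inode] = pid
    return owners


# Constructed /proc/net/tcp snapshot: telnetd and sshd listening, a local
# MySQL listener, and one established telnet session from 192.168.1.100.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0017 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10234 1 0000000000000000 100 0 0 10 0
   1: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 10001 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 22222 1 0000000000000000 100 0 0 10 0
   3: 0F02A8C0:0017 6401A8C0:C3A1 01 00000000:00000000 00:00000000 00000000     0        0 10235 1 0000000000000000 20 4 30 10 -1
"""

# Constructed /proc/<pid>/fd snapshot (pid -> symlink targets)
SAMPLE_FD_TABLE = {
    1: ["/dev/null", "/dev/null"],
    412: ["socket:[10234]", "socket:[10235]"],   # telnetd
    509: ["socket:[10001]"],                     # sshd
    1337: ["socket:[22222]"],                    # mysqld
}


if __name__ == "__main__":
    socks = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    owners = socket_owners(socks, SAMPLE_FD_TABLE)
    for s in listening_on(socks, KILLER_PORTS):
        print(f"port {s.local_port} inode {s.inode} pid {owners.get(s.inode)}")
```

This is the same inode-to-pid walk the bot performs before sending SIGKILL to whatever owns port 23, 22 or 80, which is why a freshly infected device typically stops answering telnet; running the walk yourself during triage shows which services were displaced and which pid now holds the port.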
MITRE ATT&CK Enterprise v15

Tasks