Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231221-en
  • resource tags

    arch:mipsimage:debian9-mipsbe-20231221-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipssystem
  • submitted
    08/01/2024, 03:13

General

  • Target

    d8dacd3921a016ab597a8ffcf0aaa9496b3aef0c6b8c089511a37ffc34d1518c.elf

  • Size

    31KB

  • MD5

    7557f4107ed3ed4e291577fdbf82dea5

  • SHA1

    cdd7a2d038a0eec2549ae1436ed0773d80a8f4db

  • SHA256

    d8dacd3921a016ab597a8ffcf0aaa9496b3aef0c6b8c089511a37ffc34d1518c

  • SHA512

    f09993e9c73c93187e2fc49ad4c2acc53445f2ffee0a6a6e4178272bc287e6764dbfb09b7d835d0ced91a5d65185c0ed861c2666f7b99899f27e0f3706087c3f

  • SSDEEP

    768:VO1s9gKZjYfvymcPuf3NMGq9oVNDEGCFnuwdl8FJkaVJgGlzDpbuR1JC:Ss5mraoLC/dl8FJxVJuc

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (70109) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

  • Deletes itself 1 IoCs
  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Deletes log files 1 TTPs 1 IoCs

    Deletes log files on the system.

Processes

  • /tmp/d8dacd3921a016ab597a8ffcf0aaa9496b3aef0c6b8c089511a37ffc34d1518c.elf
    /tmp/d8dacd3921a016ab597a8ffcf0aaa9496b3aef0c6b8c089511a37ffc34d1518c.elf
    1⤵
    • Changes its process name
    • Deletes itself
    • Modifies Watchdog functionality
    PID:726

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads