General
Target: 551f533a0bcaaab15fe72e86de30d0a1
Size: 75KB
Sample: 240112-bxr92sccak
MD5: 551f533a0bcaaab15fe72e86de30d0a1
SHA1: 3b445ef45f4f8238116859fe8d508837163a9646
SHA256: 333f82ee9c681b229854641ec083da8ed17738f60796c52f67b989b6bf9644e9
SHA512: 765b1df168181782fa328e5a8faccf95f2ba2a8d049a07ba66fe1630ff9946170d5080b141e0b207fc77fd9db7d495dcad57b4954f110bc1d30ac26441630ad2
SSDEEP: 1536:4BVyHWPGswBBf0Jky5crVzXILjOf+UDcI0GTvgN:P2Tw9ZrBInU1tgN
Behavioral task: behavioral1
Sample: 551f533a0bcaaab15fe72e86de30d0a1
Resource: debian9-armhf-20231222-en
Malware Config
Extracted
mirai
KYTON
Targets
Target: 551f533a0bcaaab15fe72e86de30d0a1
Score: 9/10
Contacts a large (93720) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Writes file to system bin folder
-