General

  • Target

    sora.mpsl

  • Size

    27KB

  • Sample

    240201-sgtxdaabfl

  • MD5

    f790a0f6fd01557676712ca1fb07e8a4

  • SHA1

    0877fe0b463616e30302bca20a3ec98c7c9f63a3

  • SHA256

    80cfe14c5e3dbb627f9a20a7e2a7ef0545501bb81c3465d831413a95e14d4ba8

  • SHA512

    97dc745a575f2fb50331bb64eaa35e15b6d84e959387c4801d8366757976822f36f9279167eb16c9411613d1bc8a9d33b3b946f230de1bffa5e248308406121a

  • SSDEEP

    768:5Asi7oKx1FyP1EXQi9tcL+nmub5vACDuWb:5di7oMUEAi9StK5vAI

Malware Config

Extracted

  • Family

    mirai

  • Botnet

    SORA

Targets

    • Target

      sora.mpsl

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (49360) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
