Analysis
max time kernel: 150s
max time network: 151s
platform: debian-9_mipsel
resource: debian9-mipsel-20231222-en
resource tags: arch:mipsel, image:debian9-mipsel-20231222-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 01/02/2024, 15:06
General
Target: sora.mpsl
Size: 27KB
MD5: f790a0f6fd01557676712ca1fb07e8a4
SHA1: 0877fe0b463616e30302bca20a3ec98c7c9f63a3
SHA256: 80cfe14c5e3dbb627f9a20a7e2a7ef0545501bb81c3465d831413a95e14d4ba8
SHA512: 97dc745a575f2fb50331bb64eaa35e15b6d84e959387c4801d8366757976822f36f9279167eb16c9411613d1bc8a9d33b3b946f230de1bffa5e248308406121a
SSDEEP: 768:5Asi7oKx1FyP1EXQi9tcL+nmub5vACDuWb:5di7oMUEAi9StK5vAI
Malware Config (Extracted)
Family: mirai
Botnet: SORA
Signatures

- Contacts a large number (49360) of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.

- Creates a large number of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.

- Changes its process name (1 IoC)
  description: Changes the process name, possibly in an attempt to hide itself
  ioc: nepjpmoaij43cbeam
  pid: 737
  process: sora.mpsl

- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  description: File opened for modification; ioc: /dev/watchdog
  description: File opened for modification; ioc: /dev/misc/watchdog

- Reads runtime system information (16 IoCs)
  Reads data from the /proc virtual filesystem.
  description: File opened for reading; ioc: /proc/434/exe
  description: File opened for reading; ioc: /proc/742/exe
  description: File opened for reading; ioc: /proc/676/exe
  description: File opened for reading; ioc: /proc/722/exe
  description: File opened for reading; ioc: /proc/793/exe
  description: File opened for reading; ioc: /proc/670/exe
  description: File opened for reading; ioc: /proc/708/exe
  description: File opened for reading; ioc: /proc/728/exe
  description: File opened for reading; ioc: /proc/729/exe
  description: File opened for reading; ioc: /proc/805/exe
  description: File opened for reading; ioc: /proc/739/exe
  description: File opened for reading; ioc: /proc/673/exe
  description: File opened for reading; ioc: /proc/753/exe
  description: File opened for reading; ioc: /proc/677/exe
  description: File opened for reading; ioc: /proc/725/exe
  description: File opened for reading; ioc: /proc/797/exe