Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    151s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20231222-en
  • resource tags

    arch:mipselimage:debian9-mipsel-20231222-enkernel:4.9.0-13-4kc-maltalocale:en-usos:debian-9-mipselsystem
  • submitted
    01/02/2024, 15:06

General

  • Target

    sora.mpsl

  • Size

    27KB

  • MD5

    f790a0f6fd01557676712ca1fb07e8a4

  • SHA1

    0877fe0b463616e30302bca20a3ec98c7c9f63a3

  • SHA256

    80cfe14c5e3dbb627f9a20a7e2a7ef0545501bb81c3465d831413a95e14d4ba8

  • SHA512

    97dc745a575f2fb50331bb64eaa35e15b6d84e959387c4801d8366757976822f36f9279167eb16c9411613d1bc8a9d33b3b946f230de1bffa5e248308406121a

  • SSDEEP

    768:5Asi7oKx1FyP1EXQi9tcL+nmub5vACDuWb:5di7oMUEAi9StK5vAI

Malware Config

Extracted

Family

mirai

Botnet

SORA

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large (49360) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Creates a large amount of network flows 1 TTPs

    This may indicate a network scan to discover remotely running services.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 16 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/sora.mpsl
    /tmp/sora.mpsl
    1⤵
    • Changes its process name
    PID:737

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads