12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef

Analysis

max time network
606s
platform
debian-12_armhf
resource
debian12-armhf-20240221-en
resource tags

arch:armhfimage:debian12-armhf-20240221-enkernel:6.1.0-17-armmp-lpaelocale:en-usos:debian-12-armhfsystem
submitted
04-06-2024 18:50

Target

Mozi.m
Size

300KB
MD5

eec5c6c219535fba3a0492ea8118b397
SHA1

292559e94f1c04b7d0c65d4a01bbbc5dc1ff6f21
SHA256

12013662c71da69de977c04cd7021f13a70cf7bed4ca6c82acbc100464d4b0ef
SHA512

3482c8324a18302f0f37b6e23ed85f24fff9f50bb568d8fd7461bf57f077a7c592f7a88bb2e1c398699958946d87bb93ab744d13a0003f9b879c15e6471f7400
SSDEEP

6144:T2s/gAWuboqsJ9xcJxspJBqQgTuaJZRhVabE5wKSDP99zBa77oNsKqqfPqOJ:T2s/bW+UmJqBxAuaPRhVabEDSDP99zBT

Score

9^/10

discovery

Contacts a large (14065) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
11127	ipinfo.io

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact