General

  • Target

    85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown

  • Size

    8KB

  • Sample

    240902-bjdvhaxcmn

  • MD5

    86311599eaaff9e71ddc72ada1b21c2e

  • SHA1

    572f97e41071d072dfc97127454d4978b50a81e2

  • SHA256

    85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1

  • SHA512

    74fccf9b268bdcf4220dcd8213a83213b7be545bfaf7cf406f32bf7e7c924ef53d66d04cb3aeb4c8024c60803ce806ddfb501ad0d59780780fc9dd19f40df317

  • SSDEEP

    96:RE+blpgA856Hslefac5h5k9vH658TuF4dZAkk59yKXMJeDMhsm/vj+9RlYz218Lu:RE+P7

Malware Config

Extracted

Family

mirai

C2

www.ckea.ru

www.akck.ru

45.152.112.46

Extracted

Family

mirai

C2

www.akck.ru

Targets

    • Target

      85fa682965abee90f408841d28da35aa16ef5432b3d8f4d18839356febf9c4e1.unknown

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (42975) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Executes dropped EXE

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Writes file to system bin folder
