Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    139646c4c37b6bbe74d1bb27c1d23277_JaffaCakes118

  • Size

    31KB

  • Sample

    241004-q121zsxcjk

  • MD5

    139646c4c37b6bbe74d1bb27c1d23277

  • SHA1

    6dd88ca71c3b72411077ad30eda966ef7d1294b8

  • SHA256

    2c3aa9d96d8e837e79cbb6ee00626d5717d6548fd17c04f0c2a026e0e9678ede

  • SHA512

    23187c8f1cd27ff3bd58535a31e9692693807f56b9260bfcdf3e4e6bd7108ca7dcc6173d0b7163e0962551de17318418ddd810c7a792904e3bf6a44de954c4f5

  • SSDEEP

    384:Z3fpCLrsjHIX69URc+hmnulY1qHprFKt6zNJpRwD9MH+DuviprfAa39RWGVCz0N0:9fpWcehzJFYKn7gMHRwAa3LWJ

Malware Config

Extracted

Family

mirai

Botnet

UNST

Targets

    • Target

      139646c4c37b6bbe74d1bb27c1d23277_JaffaCakes118

    • Size

      31KB

    • MD5

      139646c4c37b6bbe74d1bb27c1d23277

    • SHA1

      6dd88ca71c3b72411077ad30eda966ef7d1294b8

    • SHA256

      2c3aa9d96d8e837e79cbb6ee00626d5717d6548fd17c04f0c2a026e0e9678ede

    • SHA512

      23187c8f1cd27ff3bd58535a31e9692693807f56b9260bfcdf3e4e6bd7108ca7dcc6173d0b7163e0962551de17318418ddd810c7a792904e3bf6a44de954c4f5

    • SSDEEP

      384:Z3fpCLrsjHIX69URc+hmnulY1qHprFKt6zNJpRwD9MH+DuviprfAa39RWGVCz0N0:9fpWcehzJFYKn7gMHRwAa3LWJ

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (20657) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks