Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
na.sh
-
Size
2KB
-
Sample
241010-hs93mawdnp
-
MD5
31eb41cbfbbd0e48aecbe2a689a34d71
-
SHA1
a315bbb1681b97a156f747d3ab9f6d0f5694c475
-
SHA256
5d8f0d7fc44dcd6e2488c1e37d9e31be38e558963a7b4531806c8c7d7004cdaa
-
SHA512
50d60c823a9f5d88b21a7b7a5f3261c77ef635af545d0464c1114af51caa2b52f8a5764cfdcbd6587f84daa05db18f15132f61e7d384192fe1c8b18eab9d4ef4
Malware Config
Extracted
mirai
OWARI
milnetbrasil.duckdns.org
Extracted
mirai
OWARI
milnetbrasil.duckdns.org
Extracted
mirai
OWARI
milnetbrasil.duckdns.org
Targets
-
-
Target
na.sh
-
Size
2KB
-
MD5
31eb41cbfbbd0e48aecbe2a689a34d71
-
SHA1
a315bbb1681b97a156f747d3ab9f6d0f5694c475
-
SHA256
5d8f0d7fc44dcd6e2488c1e37d9e31be38e558963a7b4531806c8c7d7004cdaa
-
SHA512
50d60c823a9f5d88b21a7b7a5f3261c77ef635af545d0464c1114af51caa2b52f8a5764cfdcbd6587f84daa05db18f15132f61e7d384192fe1c8b18eab9d4ef4
Score10/10-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Contacts a large (430256) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
File and Directory Permissions Modification
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
MITRE ATT&CK Enterprise v15
Defense Evasion
File and Directory Permissions Modification
1Linux and Mac File and Directory Permissions Modification
1Impair Defenses
1Virtualization/Sandbox Evasion
1System Checks
1