Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    na.sh

  • Size

    2KB

  • Sample

    241010-hs93mawdnp

  • MD5

    31eb41cbfbbd0e48aecbe2a689a34d71

  • SHA1

    a315bbb1681b97a156f747d3ab9f6d0f5694c475

  • SHA256

    5d8f0d7fc44dcd6e2488c1e37d9e31be38e558963a7b4531806c8c7d7004cdaa

  • SHA512

    50d60c823a9f5d88b21a7b7a5f3261c77ef635af545d0464c1114af51caa2b52f8a5764cfdcbd6587f84daa05db18f15132f61e7d384192fe1c8b18eab9d4ef4

Malware Config

Extracted

Family

mirai

Botnet

OWARI

C2

milnetbrasil.duckdns.org

Extracted

Family

mirai

Botnet

OWARI

C2

milnetbrasil.duckdns.org

Extracted

Family

mirai

Botnet

OWARI

C2

milnetbrasil.duckdns.org

Targets

    • Target

      na.sh

    • Size

      2KB

    • MD5

      31eb41cbfbbd0e48aecbe2a689a34d71

    • SHA1

      a315bbb1681b97a156f747d3ab9f6d0f5694c475

    • SHA256

      5d8f0d7fc44dcd6e2488c1e37d9e31be38e558963a7b4531806c8c7d7004cdaa

    • SHA512

      50d60c823a9f5d88b21a7b7a5f3261c77ef635af545d0464c1114af51caa2b52f8a5764cfdcbd6587f84daa05db18f15132f61e7d384192fe1c8b18eab9d4ef4

    • Mirai

      Mirai is a prevalent Linux malware infecting exposed network devices.

    • Contacts a large (430256) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Executes dropped EXE

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.

    • Enumerates running processes

      Discovers information about currently running processes on the system

MITRE ATT&CK Enterprise v15

Tasks