General

  • Target

    hmips.elf

  • Size

    87KB

  • Sample

    241117-hs3csaykcm

  • MD5

    4e91f0cb86a28136e1a29d5aa7dea7ef

  • SHA1

    6894e8586fab01bb94d27639ad8d54f9cf176b6e

  • SHA256

    deb015c1eb0f52954f8ad512471659c84335c1561938ece76a280f76c001427a

  • SHA512

    045a67057348859fc70bb67d394c688bc71032c327f1ee5fb2cd19c0faef9a2e10067a411ec90476eed4421a4fda5557dfbd62bd209f571f3b10188a32db745c

  • SSDEEP

    1536:8jkq7pZ30YrisHt2Wt2x02mJzEG4rvxWcNm3/Vl/Qe3j+xBvAzltK:/qHfisNsvx3m3/b/wBYzlg

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Targets

    • Target

      hmips.elf

    • Size

      87KB

    Score
    9/10
    • Contacts a large (326171) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Unexpected DNS network traffic destination

      Network traffic to servers other than the configured DNS servers was detected on the DNS port.
