Analysis

  • max time kernel
    152s
  • max time network
    19s
  • platform
    debian-12_mipsel
  • resource
    debian12-mipsel-20240221-en
  • resource tags

    arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
  • submitted
    05/01/2025, 21:35 UTC

General

  • Target

    103.6.170.65-boatnet.mpsl-2025-01-05T141240.elf

  • Size

    24KB

  • MD5

    c37ecb46ae324008a733e16138c567fc

  • SHA1

    34f5a1b3dbfd0436c02a9352b408d14f6ca2a92a

  • SHA256

    d427cd5ac2c772a3c95a1615737508252dec671df6bcf526ab206b9770aa5a60

  • SHA512

    0475acb8cbbfc842e3e889eeeb06d81fea8bb95d056a87e110b945d3fdc2f6f327a10df08d71f17a16325368623299af9bddf2ab5fd9a14f6e419b4db6806317

  • SSDEEP

    768:gDrQlS07dEv0UXqUhvQE+CXQKMQKCXBpyzZqyWvE:oQlS07FUXqIYSXQKqu0qc

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality (1 TTPs, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder (2 IoCs)
  • Reads runtime system information (22 IoCs)

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/103.6.170.65-boatnet.mpsl-2025-01-05T141240.elf
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:741

Network

  • DNS request to 1.1.1.1:53 for debian12-mipsel-20240221-en-2, IN AAAA (sent twice)
  • DNS request to 1.1.1.1:53 for debian12-mipsel-20240221-en-2, IN A (sent twice)
  • 1.1.1.1:53
    debian12-mipsel-20240221-en-2
    dns
    75 B
    150 B
    1
    1

    DNS Request

    debian12-mipsel-20240221-en-2

MITRE ATT&CK Enterprise v15
