Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    elitebotnet.mips.elf

  • Size

    97KB

  • Sample

    250113-lhmfcsxjdw

  • MD5

    0589b3d263957e51899c048a347b5e0a

  • SHA1

    253025ae97055316ad0bc4f9dd4c680e0a9af96a

  • SHA256

    9701f870720ee716c02d544e6f148075d2798254cae3ad4263df3ef2c82b15d3

  • SHA512

    82160c65efc3ed2086d4729ae7e97f98b9d237a1631421fd951db790be438db9432045ee16363da9c1070356d7d8227991711908674347edd9a4f3dc8f049284

  • SSDEEP

    3072:kQW/HIc4mbkqFAuGz+8iYzfbNcQwbZnGN:kL/oqFAu6fTzfnwRGN

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

C2

asdfui.elite-api.su

Targets

    • Target

      elitebotnet.mips.elf

    • Size

      97KB

    • MD5

      0589b3d263957e51899c048a347b5e0a

    • SHA1

      253025ae97055316ad0bc4f9dd4c680e0a9af96a

    • SHA256

      9701f870720ee716c02d544e6f148075d2798254cae3ad4263df3ef2c82b15d3

    • SHA512

      82160c65efc3ed2086d4729ae7e97f98b9d237a1631421fd951db790be438db9432045ee16363da9c1070356d7d8227991711908674347edd9a4f3dc8f049284

    • SSDEEP

      3072:kQW/HIc4mbkqFAuGz+8iYzfbNcQwbZnGN:kL/oqFAu6fTzfnwRGN

    • Contacts a large (23673) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

MITRE ATT&CK Enterprise v15

Tasks