Analysis

  • max time kernel
    150s
  • max time network
    161s
  • platform
    debian-12_armhf
  • resource
    debian12-armhf-20240221-en
  • resource tags

    arch:armhf, image:debian12-armhf-20240221-en, kernel:6.1.0-17-armmp-lpae, locale:en-us, os:debian-12-armhf, system
  • submitted
    21/01/2025, 10:56 UTC

General

  • Target

    193.200.78.24-boatnet.arm7-2025-01-21T101455.elf

  • Size

    45KB

  • MD5

    ef0ed5900913788d9a7d956c1f166ef3

  • SHA1

    607fa5a7a3e908b5bf3a3fda43ca62d366f14203

  • SHA256

    971b15d0d74811c111cc9b95f1cad309377e44e79706b0a890fb38a20cdcddf3

  • SHA512

    954a0cbe6455772801aa585bb18351226324f3a676f5d45c66b31e2545daeba28979911247a9ceb0154a1b494ce84ce0fc3db389cd191d136d11377e16e0530f

  • SSDEEP

    768:D/TYCoIxdEk+AxoTZAZHFeq8b3e49q3UELbUXfi6nVMQHI4vcGpv8:DECFd+A6YHAxehLRQZ8

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Mirai family
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes file to system bin folder 2 IoCs
  • Reads runtime system information 12 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/193.200.78.24-boatnet.arm7-2025-01-21T101455.elf
    /tmp/193.200.78.24-boatnet.arm7-2025-01-21T101455.elf
    1⤵
    • Modifies Watchdog functionality
    • Writes file to system bin folder
    • Reads runtime system information
    PID:713

Network

  • flag-us
    DNS
    debian12-armhf-20240221-en-4
    Remote address:
    1.1.1.1:53
    Request
    debian12-armhf-20240221-en-4
    IN AAAA
    Response
  • flag-us
    DNS
    debian12-armhf-20240221-en-4
    Remote address:
    1.1.1.1:53
    Request
    debian12-armhf-20240221-en-4
    IN A
    Response
  • flag-us
    DNS
    debian12-armhf-20240221-en-4
    Remote address:
    1.1.1.1:53
    Request
    debian12-armhf-20240221-en-4
    IN AAAA
    Response
  • flag-us
    DNS
    debian12-armhf-20240221-en-4
    Remote address:
    1.1.1.1:53
    Request
    debian12-armhf-20240221-en-4
    IN A
    Response
  • 193.200.78.24:3778
    325 B
    216 B
    6
    4
  • 1.1.1.1:53
    debian12-armhf-20240221-en-4
    dns
    74 B
    149 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-4

  • 1.1.1.1:53
    debian12-armhf-20240221-en-4
    dns
    74 B
    149 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-4

  • 1.1.1.1:53
    debian12-armhf-20240221-en-4
    dns
    74 B
    149 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-4

  • 1.1.1.1:53
    debian12-armhf-20240221-en-4
    dns
    74 B
    149 B
    1
    1

    DNS Request

    debian12-armhf-20240221-en-4

MITRE ATT&CK Enterprise v15
