General

  • Target

    arm7.elf

  • Size

    201KB

  • Sample

    250203-mepa8azpdl

  • MD5

    02cd99283ce6e254b9b0871a2410774d

  • SHA1

    98b10a5bccb30ff6c5ce630881b0fbd6dbea2be9

  • SHA256

    65fdbd7196f697c46570a644bff84b0740b5141658da73fa8cbd105a4762784b

  • SHA512

    759ab2274191aa8e75b1b8518db3d2781454c7672f74ec1a2c20b3d709f37fa364da0ccbf5d9836f430bdff9581d9e9f4531e045e0861817daf43b6ae3fc958f

  • SSDEEP

    6144:L8it4CcJs+Hj43930SnaA0g2+w8oiZ2dHjqyKDM/9/MtM7:L8it4CcJ9H83mSnaA0g2+wH8w8A/OQ

Malware Config

Extracted

Family

mirai

Botnet

OWARI

Targets

    • Target

      arm7.elf

    • Contacts a large (49116) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from /proc virtual filesystem.
