General

  • Target: hoho.arm.elf
  • Size: 49KB
  • Sample: 250319-am1m1atnx3
  • MD5: 67f96d31c0e94329021a3c70e76f487a
  • SHA1: 664b386b29b19c862fb72afe34621bce1ee034c9
  • SHA256: 98c62d9e43a35adb8e855e55d56e468b0ec5ae8f9607642bee4dd52f35f19a71
  • SHA512: 15e9e73385cceb070c419e1bca373e3816758eb1d34435d948852ceb9ff252e4b2276801660a0f048f233f426dc7600e26efc668867569f2d7ab4bf9a14e8bc8
  • SSDEEP: 768:4DMcmv+8cibEmmxmmoBa4CmxiC8sawbwzRgBCENabmwsvYPfjA/hcT3D8ZRRfPNE:Vcpjibht8sDabLsIfU5ngR6

Malware Config

Extracted

  • Family: mirai
  • Botnet: SORA

Targets

    • Target: hoho.arm.elf (size and hashes as listed under General above)

    • Contacts a large number (349780) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Enumerates active TCP sockets

      Gets active TCP sockets from the /proc virtual filesystem.
