Static Analysis — MozellaELF | Threat: MEDIUM
File Identity
| Field | Value |
|---|---|
| SHA256 | d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4 |
| Size | 6,346,808 bytes (ELF 64-bit LSB, Linux x86-64) |
| Name | mozella (Mozilla lookalike, not Mozilla) |
Mozella -- Mozilla Lookalike Linux ELF
NAME IMITATION: mozella -- imitates the Mozilla Firefox name, but is Linux ELF malware!
mozella -- name imitating Mozilla Firefox

-- ELF 64-bit LSB: Linux executable
-- Size 6.3 MB: likely a PyInstaller bundle or a Go static binary
-- 27,688 strings: typical of PyInstaller packaging
-- http.cookies(), requests.cookies(): traces of Python libraries
-- Mozilla cookie target: browser cookie parsing via the http.cookies module
Suspicious Russian Domain Names
unittest.ru
unittest.su

-- .su (Soviet Union TLD): domain suffix favoured by Russian cybercrime actors
-- .ru: Russia TLD
-- unittest: Python unit-test framework -- camouflage imitating a test environment?
-- Unclear whether these are real C2 or a test module bundled by PyInstaller
Network and Cookie Capability
socket(
http.cookies(
requests.cookies(
base64(

-- socket: raw TCP/UDP connection capability
-- requests.cookies: web requests and cookie handling via the Python requests library
-- base64: data encoding/decoding
-- Goal: read browser cookie files and send them to a C2 or exfiltration endpoint
IOC
| Field | Value |
|---|---|
| SHA256 | d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4 |
| Platform | Linux ELF 64-bit x86-64 |
| Name | mozella (Mozilla lookalike) |
| Suspicious domains | unittest.ru, unittest.su |
MozellaELF — Malware Profile
Linux ELF 64-bit PyInstaller-bundled credential stealer with Mozilla brand imitation filename (mozella). Python requests.cookies and http.cookies modules for browser cookie theft. Suspicious domains unittest.ru and unittest.su (Russian/Soviet TLDs). socket + base64 for exfiltration.
Malware Type
Infostealer
Programming Language
Python/PyInstaller
C2 Protocol
HTTP
Target Systems
Linux Systems
Capabilities & Behavior
Browser Credentials
Cookie Theft
Crypto Wallet Theft
System Information
Screenshot Capture
FTP/SSH Client Passwords
Email Client Theft
Data Exfiltration
IOC List (1 indicator)
IOC — MozellaELF
# SHA256
d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4
| Type | Value | Note |
|---|---|---|
| sha256 | d77dd11f63c978adf10c2ea5fbd2a77e650ae00d19877032b693b154e86d00e4 | |