Analysis
max time kernel: 25019s
max time network: 159s
platform: linux_armhf
resource: debian9-armhf-en-20211208
resource tags: arch:armhf, image:debian9-armhf-en-20211208, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 24/09/2022, 06:49
Static task: static1
Behavioral task: behavioral1
Sample: ak.arm7-20220924-0648.elf
Resource: debian9-armhf-en-20211208
General
Target: ak.arm7-20220924-0648.elf
Size: 63KB
MD5: 64fbb0d0b7030f5e8e6d12e3699f44dc
SHA1: e621f1144bd7a5e53873a0872ac2a9adc4c959fb
SHA256: 46e56f34f131671c4c2bf5fad0446f6e57eace2a038f08078e073c79536107c4
SHA512: c311080224ff6453cea79e2ba3e3995cc74ebf0451a791a22f7a4c5de73cbee1c820805b550e108b9871cd141aca253f9dc17e0fb140c2528d75d934b78673f2
SSDEEP: 1536:TkOL14JpVGYrErIX1Wy55cVKNKG5eALK8BkBXIiSpv3:jKz/riIDSALbk9Il3
Malware Config
Signatures
- Contacts a large (43189) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies the Watchdog daemon (1 TTPs)
  Malware like Mirai modifies the watchdog to prevent it from restarting an infected system.
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem.
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description: /tmp/ak.arm7-20220924-0648.elf
  ioc: /tmp/ak.arm7-20220924-0648.elf
  process: ak.arm7-20220924-0648.elf