Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

9

Static

static

bruteratel...LA.pdf

windows7-x64

1

bruteratel...LA.pdf

windows10-2004-x64

5

bruteratel...eC2.py

ubuntu-18.04-amd64

9

bruteratel...eC2.py

debian-9-armhf

bruteratel...eC2.py

debian-9-mips

bruteratel...eC2.py

debian-9-mipsel

bruteratel...sgs.py

ubuntu-18.04-amd64

1

bruteratel...sgs.py

debian-9-armhf

bruteratel...sgs.py

debian-9-mips

bruteratel...sgs.py

debian-9-mipsel

bruteratel...ner.py

ubuntu-18.04-amd64

9

bruteratel...ner.py

debian-9-armhf

bruteratel...ner.py

debian-9-mips

bruteratel...ner.py

debian-9-mipsel

bruteratel...ier.py

ubuntu-18.04-amd64

9

bruteratel...ier.py

debian-9-armhf

bruteratel...ier.py

debian-9-mips

bruteratel...ier.py

debian-9-mipsel

bruteratel...ssl.sh

ubuntu-18.04-amd64

5

bruteratel...ssl.sh

debian-9-armhf

5

bruteratel...ssl.sh

debian-9-mips

1

bruteratel...ssl.sh

debian-9-mipsel

1

bruteratel...all.sh

ubuntu-18.04-amd64

8

bruteratel...all.sh

debian-9-armhf

1

bruteratel...all.sh

debian-9-mips

8

bruteratel...all.sh

debian-9-mipsel

8

bruteratel...ver.sh

ubuntu-18.04-amd64

5

bruteratel...ver.sh

debian-9-armhf

1

bruteratel...ver.sh

debian-9-mips

5

bruteratel...ver.sh

debian-9-mipsel

5

bruteratel...armx64

ubuntu-18.04-amd64

bruteratel...armx64

debian-9-armhf

Analysis

  • max time kernel
    0s
  • max time network
    103s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    28/09/2022, 13:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    bruteratel/adhoc_scripts/install.sh

  • Size

    330B

  • MD5

    824f22de9f76d0a488e117b397631521

  • SHA1

    46a0146dc6a5f6e84cf00504bebe1fe9366c2e05

  • SHA256

    2843bac3fdc0cfa82edb40dced2e17323097abbf4e3abd3cdce154920c916b90

  • SHA512

    c5fed05e897769eb318fd4f0d039a966b6e82e4a977f8cf3a07fcc810be0c2f60cf9b01728ffdfa684833f3040772491d09d893600c3f0af7414f0252b392414

Score
8/10
persistence

Malware Config

Signatures

  • Modifies hosts file 1 IoCs

    Adds to hosts file used for mapping hosts to IP addresses.

  • Writes DNS configuration 1 TTPs 1 IoCs

    Writes data to DNS resolver config file.

  • Creates/modifies environment variables 1 TTPs 1 IoCs

    Creating/modifying environment variables is a common persistence mechanism.

    persistence
  • Reads runtime system information 9 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 17 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/bruteratel/adhoc_scripts/install.sh
    /tmp/bruteratel/adhoc_scripts/install.sh
    1⤵
    • Writes file to tmp directory
    PID:580
    • /usr/bin/sudo
      sudo apt-get install nasm mingw-w64
      2⤵
      • Modifies hosts file
      • Writes DNS configuration
      • Creates/modifies environment variables
      • Reads runtime system information
      PID:581
      • /usr/bin/apt-get
        apt-get install nasm mingw-w64
        3⤵
        • Writes file to tmp directory
        PID:582
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          4⤵
          • Reads runtime system information
          PID:583
        • /usr/bin/dpkg
          /usr/bin/dpkg --print-foreign-architectures
          4⤵
          • Reads runtime system information
          PID:584
        • /usr/lib/apt/methods/http
          /usr/lib/apt/methods/http
          4⤵
            PID:592
    • /bin/sh
      sh -c "[ ! -f /usr/lib/ubuntu-advantage/apt-esm-hook ] || /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke || true"
      1⤵
        PID:590
        • /usr/lib/ubuntu-advantage/apt-esm-hook
          /usr/lib/ubuntu-advantage/apt-esm-hook pre-invoke
          2⤵
          • Reads runtime system information
          PID:591

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads