General

  • Target

    linux_arm6

  • Size

    5.1MB

  • Sample

    220930-ml9whadce3

  • MD5

    173cc4ddab87dc75222bab5c44f7cdd5

  • SHA1

    d4cc58b67d9d1d5e4ff191da9c8de9a4982b787e

  • SHA256

    66a78e0a712638e9317ed2206c660e995b20fea2f36c533fbb9768d925260f6e

  • SHA512

    b052f6b661b1e28b6e1de751f7577be6123fc700deb3543f18a5e813dde7ae0bb39c54d732b7fadcc6deb93ac49dfc14a40934e9ee3f5832bd42954a6a2dbd33

  • SSDEEP

    98304:8cSBHdgN2a7JP97kJru8cYWPAXqJu+60:8cS03xu+6

Score
9/10

Malware Config

Targets

    • Target

      linux_arm6

    • Size

      5.1MB

    • MD5

      173cc4ddab87dc75222bab5c44f7cdd5

    • SHA1

      d4cc58b67d9d1d5e4ff191da9c8de9a4982b787e

    • SHA256

      66a78e0a712638e9317ed2206c660e995b20fea2f36c533fbb9768d925260f6e

    • SHA512

      b052f6b661b1e28b6e1de751f7577be6123fc700deb3543f18a5e813dde7ae0bb39c54d732b7fadcc6deb93ac49dfc14a40934e9ee3f5832bd42954a6a2dbd33

    • SSDEEP

      98304:8cSBHdgN2a7JP97kJru8cYWPAXqJu+60:8cS03xu+6

    Score
    9/10
    • Modifies the Watchdog daemon

      Mirai-family bots open /dev/watchdog (or /dev/misc/watchdog) and issue the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD so the hardware watchdog cannot reboot a device the bot has hung or made unresponsive.

    • Modifies hosts file

      Adds entries to /etc/hosts, the static hostname-to-IP mapping consulted before DNS; a common way to redirect or block name resolution.

    • Writes DNS configuration

      Writes to the DNS resolver configuration (/etc/resolv.conf), typically to change the nameservers the host uses.

    • Creates/modifies Cron job

      Cron runs tasks on a schedule and is commonly used for malware persistence.

    • Modifies Bash startup script

      Adds commands to a Bash startup file (for example .bashrc or /etc/profile) so they run whenever a shell starts, a common persistence mechanism.

    • Modifies init.d

      Adds or modifies a system service under /etc/init.d, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to user bin folder

      Drops a file into a bin directory, typically to place an executable on the PATH.

    • Enumerates kernel/hardware configuration

      Reads contents of /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
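The behaviours listed above (watchdog tampering, hosts and resolv.conf changes, cron, Bash startup, init.d and rc scripts, files dropped in bin and /tmp) all leave traces at a handful of well-known paths. Below is an added example of a host-side triage check over those paths; it is not tria.ge's code and not taken from this sample. It runs over a constructed filesystem snapshot (path to text) so it works offline, and `collect()` builds the same snapshot from a live or mounted root. The baseline contents, the `sysupd` and `/tmp/.x/bot` names and the 198.51.100.x addresses are made up for the example; the watchdog check assumes the device is expected to keep its hardware watchdog active and reads the kernel's `/sys/class/watchdog/watchdog0/state` attribute.

```python
"""Triage for the Mirai-style persistence and tampering indicators in the report."""
import os
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str   # behaviour name, mirroring the report's signature list
    path: str       # file involved
    detail: str     # offending line, command or state


# Known-good contents (constructed for the example). On a real device use a
# golden image or the package manager's file manifest instead.
BASELINE = {
    "/etc/hosts": "127.0.0.1 localhost\n",
    "/etc/resolv.conf": "nameserver 192.0.2.53\n",
    "/root/.bashrc": "# ~/.bashrc\nexport PS1='\\u@\\h:\\w\\$ '\n",
    "/etc/cron.d/logrotate": "0 3 * * * root /usr/sbin/logrotate /etc/logrotate.conf\n",
}

CRON_PATHS = ("/etc/crontab", "/etc/cron.d/", "/var/spool/cron/")
INIT_RC_PATHS = ("/etc/init.d/", "/etc/rc.d/", "/etc/rc.local", "/etc/inittab")
DROP_DIRS = ("/tmp/", "/var/tmp/", "/dev/shm/")
BASH_STARTUP = re.compile(
    r"^(/etc/profile|/etc/bash\.bashrc|(/root|/home/[^/]+)/\.(bashrc|profile|bash_profile))$")
USER_BIN = re.compile(r"^(/usr/local/bin|/root/bin|/home/[^/]+/bin)/")
# Kernel watchdog class attribute: reads "active" or "inactive".
WATCHDOG_STATE = "/sys/class/watchdog/watchdog0/state"


def added_lines(path, snapshot):
    """Non-blank, non-comment lines in the snapshot copy of `path` that BASELINE lacks."""
    base = set(BASELINE.get(path, "").splitlines())
    return [ln for ln in snapshot.get(path, "").splitlines()
            if ln.strip() and not ln.lstrip().startswith("#") and ln not in base]


def triage(snapshot):
    """Return one Finding per suspicious change; an empty list on a clean host."""
    findings = []
    for ln in added_lines("/etc/hosts", snapshot):
        findings.append(Finding("hosts_modified", "/etc/hosts", ln))
    for ln in added_lines("/etc/resolv.conf", snapshot):
        findings.append(Finding("dns_config", "/etc/resolv.conf", ln))
    for path, content in snapshot.items():
        kind = "ELF binary" if content.startswith("\x7fELF") else "script/other"
        if path.startswith(CRON_PATHS):
            for ln in added_lines(path, snapshot):
                findings.append(Finding("cron_job", path, ln))
        elif BASH_STARTUP.match(path):
            for ln in added_lines(path, snapshot):
                findings.append(Finding("bash_startup", path, ln))
        elif path.startswith(INIT_RC_PATHS) and BASELINE.get(path) != content:
            new = added_lines(path, snapshot)
            findings.append(Finding("init_rc", path, new[0] if new else "differs from baseline"))
        elif USER_BIN.match(path) and path not in BASELINE:
            findings.append(Finding("user_bin", path, kind))
        elif path.startswith(DROP_DIRS):
            findings.append(Finding("tmp_drop", path, kind))
        elif path == WATCHDOG_STATE and content.strip() == "inactive":
            findings.append(Finding("watchdog", path, "hardware watchdog reports inactive"))
    return findings


def collect(root="/"):
    """Snapshot the paths of interest from a live or mounted root (top-level dirs only)."""
    snap = {}
    paths = list(BASELINE) + [WATCHDOG_STATE, "/etc/rc.local", "/etc/inittab", "/etc/crontab"]
    for d in ("/etc/init.d", "/etc/rc.d", "/etc/cron.d", "/var/spool/cron",
              "/usr/local/bin", "/root/bin", "/tmp", "/var/tmp", "/dev/shm"):
        full = os.path.join(root, d.lstrip("/"))
        if os.path.isdir(full):
            paths += [os.path.join(d, name) for name in os.listdir(full)]
    for p in paths:
        full = os.path.join(root, p.lstrip("/"))
        if os.path.isfile(full):
            with open(full, "rb") as fh:          # first 64 KiB is enough to classify
                snap[p] = fh.read(65536).decode("latin-1")
    return snap


# Constructed snapshot of an infected device; names and addresses are made up
# for the example and are not indicators from this sample.
SNAPSHOT = {
    "/etc/hosts": "127.0.0.1 localhost\n198.51.100.7 update.example\n",
    "/etc/resolv.conf": "nameserver 198.51.100.53\n",
    "/root/.bashrc": "# ~/.bashrc\nexport PS1='\\u@\\h:\\w\\$ '\n/tmp/.x/bot &\n",
    "/etc/cron.d/logrotate": BASELINE["/etc/cron.d/logrotate"],   # unchanged: no finding
    "/etc/cron.d/sysupd": "*/5 * * * * root /tmp/.x/bot\n",
    "/etc/init.d/sysupd": "#!/bin/sh\n/tmp/.x/bot &\n",
    "/etc/rc.local": "#!/bin/sh\n/tmp/.x/bot &\nexit 0\n",
    "/usr/local/bin/sysupd": "\x7fELF\x01\x01\x01" + "\x00" * 9,
    "/tmp/.x/bot": "\x7fELF\x01\x01\x01" + "\x00" * 9,
    WATCHDOG_STATE: "inactive\n",
}

if __name__ == "__main__":
    for f in triage(SNAPSHOT):
        print(f"{f.category:15} {f.path:28} {f.detail}")
```

Diffing against a baseline rather than flagging every cron or rc entry keeps a stock logrotate job quiet while still catching the added ones; on a device whose init system does not arm the watchdog, the `WATCHDOG_STATE` check should be dropped or its expected value inverted.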

MITRE ATT&CK Enterprise v6

Tasks