Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
linux_arm6
-
Size
5.1MB
-
Sample
220930-ml9whadce3
-
MD5
173cc4ddab87dc75222bab5c44f7cdd5
-
SHA1
d4cc58b67d9d1d5e4ff191da9c8de9a4982b787e
-
SHA256
66a78e0a712638e9317ed2206c660e995b20fea2f36c533fbb9768d925260f6e
-
SHA512
b052f6b661b1e28b6e1de751f7577be6123fc700deb3543f18a5e813dde7ae0bb39c54d732b7fadcc6deb93ac49dfc14a40934e9ee3f5832bd42954a6a2dbd33
-
SSDEEP
98304:8cSBHdgN2a7JP97kJru8cYWPAXqJu+60:8cS03xu+6
Malware Config
Targets
-
-
Target
linux_arm6
-
Size
5.1MB
-
MD5
173cc4ddab87dc75222bab5c44f7cdd5
-
SHA1
d4cc58b67d9d1d5e4ff191da9c8de9a4982b787e
-
SHA256
66a78e0a712638e9317ed2206c660e995b20fea2f36c533fbb9768d925260f6e
-
SHA512
b052f6b661b1e28b6e1de751f7577be6123fc700deb3543f18a5e813dde7ae0bb39c54d732b7fadcc6deb93ac49dfc14a40934e9ee3f5832bd42954a6a2dbd33
-
SSDEEP
98304:8cSBHdgN2a7JP97kJru8cYWPAXqJu+60:8cS03xu+6
Score9/10-
Modifies the Watchdog daemon
Malware like Mirai modify the Watchdog to prevent it restarting an infected system.
-
Modifies hosts file
Adds to hosts file used for mapping hosts to IP addresses.
-
Writes DNS configuration
Writes data to DNS resolver config file.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Modifies Bash startup script
-
Modifies init.d
Adds/modifies system service, likely for persistence.
-
Modifies rc script
Adding/modifying system rc scripts is a common persistence mechanism.
-
Write file to user bin folder
-
Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory
Malware often drops required files in the /tmp directory.
-