General
Target: sys.x86_64.elf
Size: 9.6MB
Sample: 221104-anxbzabcam
MD5: 17ffc737f22a14f14179506036852fdf
SHA1: 20d067b1193b671799883f3d60d57e455d40205d
SHA256: f425fa120bc1b3926ed92ed5cec74898f1d40c3059ae443f816a9e10a2699f80
SHA512: cef55042ed1b316befac309bfdc65a0095becefc44f42f67822980ae6a11d7f556f871d214475f7e2cc7073b6d91d79659dfa9a402f5a8d234316ed118a6c7b8
SSDEEP: 196608:fWARAvrX1RUqqMjuZgsD+9FYbgLCzQ0+:uVTFf3jiD+9FCg2zQ0
Behavioral task: behavioral1
Sample: sys.x86_64.elf
Resource: ubuntu1804-amd64-en-20211208
Malware Config
Targets
Target: sys.x86_64.elf
Score: 9/10
Contacts a large (528930) amount of remote hosts
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Enumerates kernel/hardware configuration
Reads contents of /sys virtual filesystem to enumerate system information.

Reads runtime system information
Reads data from /proc virtual filesystem.

Writes file to tmp directory
Malware often drops required files in the /tmp directory.