General

  • Target

    sys.x86_64.elf

  • Size

    9.6MB

  • Sample

    221104-anxbzabcam

  • MD5

    17ffc737f22a14f14179506036852fdf

  • SHA1

    20d067b1193b671799883f3d60d57e455d40205d

  • SHA256

    f425fa120bc1b3926ed92ed5cec74898f1d40c3059ae443f816a9e10a2699f80

  • SHA512

    cef55042ed1b316befac309bfdc65a0095becefc44f42f67822980ae6a11d7f556f871d214475f7e2cc7073b6d91d79659dfa9a402f5a8d234316ed118a6c7b8

  • SSDEEP

    196608:fWARAvrX1RUqqMjuZgsD+9FYbgLCzQ0+:uVTFf3jiD+9FCg2zQ0

Targets

    • Contacts a large (528930) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates kernel/hardware configuration

      Reads contents of /sys virtual filesystem to enumerate system information.

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
