Analysis
max time kernel: 0s
max time network: 120s
platform: linux_mipsel
resource: debian9-mipsel-en-20211208
resource tags: arch:mipsel, image:debian9-mipsel-en-20211208, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
submitted: 04/12/2022, 14:36
Static task: static1
General
Target: 4146dffda8c8e8e55235e7b4a1debe2b.elf
Size: 172KB
MD5: 4146dffda8c8e8e55235e7b4a1debe2b
SHA1: 2d3f3095788f4d25eed9a0517ef7d17cf44d0dfa
SHA256: 7355235899e9f4d7748af971331940dab4b8c5f15130d756fde3a1d6a2bcb1ab
SHA512: a756ff3e7448e0ebd125c6063b2db95aa868cfc337932d159298b282174a25bf4a7f54988a7b0f89c7a2c78787e8f8021b9eb8396847a6a80102160561bb6097
SSDEEP: 1536:H+RnMzT1USPF5ogwFF0l+N7ERqCon0wZC0Zw1vG4:4wTjPjoD08N7ERb4ZC0ML
Malware Config
Signatures

Attempts to identify hypervisor via CPU configuration (1 TTP, 1 IoC)
Checks CPU information for indicators that the system is a virtual machine.
IoC: /proc/cpuinfo

Modifies the Watchdog daemon (1 TTP)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Writes file to system bin folder (1 TTP, 3 IoCs)
IoCs: /bin/login, /sbin/dhclient, /bin/bash

Writes file to user bin folder (1 TTP, 5 IoCs)
IoCs: /usr/bin/dbus-daemon, /usr/sbin/sshd, /usr/sbin/agent, /usr/sbin/rsyslogd, /usr/sbin/cron

Creates a large amount of network flows (1 TTP)
This may indicate a network scan to discover remotely running services.

Reads runtime system information (62 IoCs)
Reads data from the /proc virtual filesystem.
IoCs: /proc/8/maps, /proc/14/maps, /proc/74/maps, /proc/284/maps, /proc/3/maps, /proc/71/maps, /proc/77/maps, /proc/83/maps, /proc/225/maps, /proc/6/maps, /proc/12/maps, /proc/36/maps, /proc/228/maps, /proc/301/maps, /proc/4/maps, /proc/5/maps, /proc/7/maps, /proc/69/maps, /proc/114/maps, /proc/11/maps, /proc/258/maps, /proc/291/maps, /proc/, /proc/19/maps, /proc/37/maps, /proc/2/maps, /proc/9/maps, /proc/20/maps, /proc/75/maps, /proc/145/maps, /proc/229/maps, /proc/21/maps, /proc/23/maps, /proc/250/maps, /proc/15/maps, /proc/16/maps, /proc/300/maps, /proc/13/maps, /proc/326/maps, /proc/self/maps, /proc/1/maps, /proc/24/maps, /proc/81/maps, /proc/105/maps, /proc/156/maps, /proc/251/maps, /proc/10/maps, /proc/18/maps, /proc/76/maps, /proc/78/maps, /proc/227/maps, /proc/meminfo, /proc/115/maps, /proc/22/maps, /proc/72/maps, /proc/282/maps, /proc/141/maps, /proc/17/maps, /proc/73/maps, /proc/209/maps, /proc/224/maps, /proc/333/maps