General

  • Target

    run.sh.zip

  • Size

    2KB

  • Sample

    230304-zlrfdaeb8y

  • MD5

    8063aa36518907affb05fbb370195bdf

  • SHA1

    8234ce1d09b2e149498b479ec188bc8230d65955

  • SHA256

    dc30e18cd588c7385d0ccb41ffcfc5a8411fb8d87d3283d0ce927475fb125ade

  • SHA512

    0a5f621b5d8e06be826cb64664e8cd7a0dfdd2d7fbc669129b3f481d48431fe422898c6f5e1a30424116638f6306a053fd7ab453f1e712d5afc8416f7c45355b

Score
9/10

Malware Config

Targets

    • Target

      run.sh

    • Size

      8KB

    • MD5

      e34bac21135beadf24e557e6a8cd7a64

    • SHA1

      def390dddd27d379d4fb38c80fc69d7997425ff8

    • SHA256

      82c388aafffef7d131167904bba3a514f2480757489b0810d04437050784ad31

    • SHA512

      8bacb26ecd8a6157e6eaedc271db20590fe62848c4e742339384c01e4fcb1df4a8f19a089c950337061b40998a9de52666e0a3c232aed69080be1a26ee2242c8

    • SSDEEP

      96:bCUA/F3XH3t3Zu5bufqufVuHWK7ZXkTKk9kfKkQkRkfIk4kv2k8kalhX5KsU6uZR:b7qnpWAFuWK71gVfwzXUstqVk8EbYF

    Score
    9/10
    • Deletes system logs

    • Modifies hosts file

      Adds to hosts file used for mapping hosts to IP addresses.

    • Writes DNS configuration

      Writes data to DNS resolver config file.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Write file to user bin folder

    • Reads CPU attributes

    • Reads runtime system information

      Reads data from /proc virtual filesystem.

    • Writes file to tmp directory

      Malware often drops required files in the /tmp directory.
