Resubmissions
09/03/2023, 11:55 | 230309-n3j7vabb5s | 7
09/03/2023, 11:52 | 230309-n14tgabb4w | 7
09/03/2023, 11:52 | 230309-n1x1xscb76 | 1
09/03/2023, 11:51 | 230309-n1a66abb31 | 7
06/03/2023, 18:09 | 230306-wrky1adh31 | 7
03/02/2023, 20:32 | 230203-zbg4ysed91 | 7

Analysis
max time kernel: 0s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20221111-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 09/03/2023, 11:52
Static task: static1
Behavioral task: behavioral1
Sample: b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
Resource: ubuntu1804-amd64-20221111-en
General
Target: b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
Size: 2.4MB
MD5: 2902e12f00a185471b619233ee8631f3
SHA1: 7e7f666a6839abe1b2cc76176516f54e46a2d453
SHA256: b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
SHA512: 0060f2e8b9ffe7c813a76597a76d899c2159318aacaff32f3b364801893573cb3c32c39d68cdde2c200a985dbad5944a52eefb3c3c5cae1690ccd465184a19d7
SSDEEP: 49152:2bZPXEinhLENX/bX40MA4sDM9RIfiv2eZRBqnlptIU6iQnkgWbwL/KIRpvg9Suj:4KinhLEBo0MA4sDoIqv2eZOnlw+QnHp8
Malware Config
Signatures
Write file to user bin folder (1 TTPs, 64 IoCs)
description | ioc | Process
/usr/sbin/groupmems | /usr/sbin/groupmems | Process not Found
/usr/sbin/iptables-apply | /usr/sbin/iptables-apply | Process not Found
/usr/sbin/readprofile | /usr/sbin/readprofile | Process not Found
/usr/sbin/grpconv | /usr/sbin/grpconv | Process not Found
/usr/sbin/invoke-rc.d | /usr/sbin/invoke-rc.d | Process not Found
/usr/sbin/ownership | /usr/sbin/ownership | Process not Found
/usr/sbin/uuidd | /usr/sbin/uuidd | Process not Found
/usr/sbin/grub-mkconfig | /usr/sbin/grub-mkconfig | Process not Found
/usr/sbin/setvesablank | /usr/sbin/setvesablank | Process not Found
/usr/sbin/filefrag | /usr/sbin/filefrag | Process not Found
/usr/sbin/update-default-ispell | /usr/sbin/update-default-ispell | Process not Found
/usr/sbin/nfnl_osf | /usr/sbin/nfnl_osf | Process not Found
/usr/sbin/update-mime | /usr/sbin/update-mime | Process not Found
/usr/sbin/chgpasswd | /usr/sbin/chgpasswd | Process not Found
/usr/sbin/userdel | /usr/sbin/userdel | Process not Found
/usr/sbin/tcpdump | /usr/sbin/tcpdump | Process not Found
/usr/sbin/iucode_tool | /usr/sbin/iucode_tool | Process not Found
/usr/sbin/validlocale | /usr/sbin/validlocale | Process not Found
/usr/sbin/select-default-ispell | /usr/sbin/select-default-ispell | Process not Found
/usr/sbin/zic | /usr/sbin/zic | Process not Found
/usr/sbin/ispell-autobuildhash | /usr/sbin/ispell-autobuildhash | Process not Found
/usr/local/sbin/readme | /usr/local/sbin/readme | b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
/usr/sbin/update-ca-certificates | /usr/sbin/update-ca-certificates | Process not Found
/usr/sbin/aa-status | /usr/sbin/aa-status | Process not Found
/usr/sbin/grub-probe | /usr/sbin/grub-probe | Process not Found
/usr/sbin/rtcwake | /usr/sbin/rtcwake | Process not Found
/usr/sbin/arpd | /usr/sbin/arpd | Process not Found
/usr/sbin/update-dictcommon-aspell | /usr/sbin/update-dictcommon-aspell | Process not Found
/usr/sbin/grub-mkdevicemap | /usr/sbin/grub-mkdevicemap | Process not Found
/usr/local/bin/readme | /usr/local/bin/readme | b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
/usr/sbin/readme | /usr/sbin/readme | b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
/usr/sbin/dmidecode | /usr/sbin/dmidecode | Process not Found
/usr/sbin/add-shell | /usr/sbin/add-shell | Process not Found
/usr/sbin/e4crypt | /usr/sbin/e4crypt | Process not Found
/usr/sbin/remove-shell | /usr/sbin/remove-shell | Process not Found
/usr/sbin/update-initramfs | /usr/sbin/update-initramfs | Process not Found
/usr/sbin/grpunconv | /usr/sbin/grpunconv | Process not Found
/usr/sbin/pwconv | /usr/sbin/pwconv | Process not Found
/usr/sbin/update-default-wordlist | /usr/sbin/update-default-wordlist | Process not Found
/usr/sbin/tzconfig | /usr/sbin/tzconfig | Process not Found
/usr/sbin/rmt-tar | /usr/sbin/rmt-tar | Process not Found
/usr/sbin/mklost+found | /usr/sbin/mklost+found | Process not Found
/usr/sbin/adduser | /usr/sbin/adduser | Process not Found
/usr/sbin/newusers | /usr/sbin/newusers | Process not Found
/usr/sbin/irqbalance | /usr/sbin/irqbalance | Process not Found
/usr/sbin/irqbalance-ui | /usr/sbin/irqbalance-ui | Process not Found
/usr/sbin/addgnupghome | /usr/sbin/addgnupghome | Process not Found
/usr/sbin/update-usbids | /usr/sbin/update-usbids | Process not Found
/usr/sbin/chroot | /usr/sbin/chroot | Process not Found
/usr/sbin/deluser | /usr/sbin/deluser | Process not Found
/usr/sbin/pwunconv | /usr/sbin/pwunconv | Process not Found
/usr/sbin/pam_timestamp_check | /usr/sbin/pam_timestamp_check | Process not Found
/usr/sbin/grub-macbless | /usr/sbin/grub-macbless | Process not Found
/usr/sbin/upgrade-from-grub-legacy | /usr/sbin/upgrade-from-grub-legacy | Process not Found
/usr/sbin/tarcat | /usr/sbin/tarcat | Process not Found
/usr/sbin/pwck | /usr/sbin/pwck | Process not Found
/usr/sbin/vpddecode | /usr/sbin/vpddecode | Process not Found
/usr/sbin/logrotate | /usr/sbin/logrotate | Process not Found
/usr/sbin/chmem | /usr/sbin/chmem | Process not Found
/usr/sbin/vipw | /usr/sbin/vipw | Process not Found
/usr/sbin/update-dictcommon-hunspell | /usr/sbin/update-dictcommon-hunspell | Process not Found
/usr/bin/readme | /usr/bin/readme | b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c
/usr/sbin/aa-remove-unknown | /usr/sbin/aa-remove-unknown | Process not Found
/usr/sbin/chpasswd | /usr/sbin/chpasswd | Process not Found

Reads CPU attributes (1 TTPs, 1 IoCs)
description | ioc | Process
/sys/devices/system/cpu/online | /sys/devices/system/cpu/online | b57e5f0c857e807a03770feb4d3aa254d2c4c8c8d9e08687796be30e2093286c