Analysis
max time kernel: 40274s
max time network: 152s
platform: linux_mips
resource: debian9-mipsbe-en-20211208
resource tags: arch:mips image:debian9-mipsbe-en-20211208 kernel:4.9.0-13-4kc-malta locale:en-us os:debian-9-mips system
submitted: 19/03/2023, 20:26
Behavioral task
behavioral1
Sample: bok.mips.elf
Resource: debian9-mipsbe-en-20211208
General
Target: bok.mips.elf
Size: 35KB
MD5: e6df40d7a8466659262ba7ccedcde3f3
SHA1: 02149fef9322b9d27d4f524f695530312318cb9a
SHA256: 29ccf8a259158899ed74ae8ed63b9dc78a7a42a38c775f907426829c22dadb45
SHA512: 38591aa9a60b16458b63566c0766387a3bb4e1ff8f1b308f20d3ba1729b78c9e8528a808d4e431cd2e6be75dc1b6a1bfe05a0115653599857caeb444e6d6bee4
SSDEEP: 768:elMB/UAIKEfqGrWwGUezx0ip2bT5oApNyBhvtsr1RzeyjsQ7SO0RJgGlzDpbuR16:eiBsAIurwGXxobloAybvtORz9jF4VJu2
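Before trusting a report like this one, an analyst with the file in hand checks two things: that the bytes match the digests above, and that the ELF identification bytes really call for a big-endian MIPS image (which is why the run landed on debian9-mipsbe rather than a mipsel one). The script below is an added example, not tria.ge's code: it parses e_ident and e_machine with the standard library, maps the result to an image family (only the big-endian MIPS mapping is taken from this report; the mipsel name is an assumption about tria.ge naming), and compares computed digests with the report's values. The header bytes in `constructed_mips_header()` are constructed for testing, not bytes from the sample.

```python
import hashlib
import struct

# Digests exactly as printed in this tria.ge report for bok.mips.elf.
REPORT_DIGESTS = {
    "md5": "e6df40d7a8466659262ba7ccedcde3f3",
    "sha1": "02149fef9322b9d27d4f524f695530312318cb9a",
    "sha256": "29ccf8a259158899ed74ae8ed63b9dc78a7a42a38c775f907426829c22dadb45",
    "sha512": "38591aa9a60b16458b63566c0766387a3bb4e1ff8f1b308f20d3ba1729b78c9e"
              "8528a808d4e431cd2e6be75dc1b6a1bfe05a0115653599857caeb444e6d6bee4",
}

# e_machine values from the ELF specification (subset).
EM_NAMES = {3: "x86", 8: "mips", 40: "arm", 62: "x86_64", 183: "aarch64"}


def elf_identify(data: bytes) -> dict:
    """Read e_ident and the first two header fields. Byte order comes from
    EI_DATA, so the same parser handles mipsbe and mipsel binaries."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported EI_CLASS/EI_DATA")
    order = "<" if ei_data == 1 else ">"
    e_type, e_machine = struct.unpack(order + "HH", data[16:20])
    return {
        "bits": 32 if ei_class == 1 else 64,
        "endian": "little" if ei_data == 1 else "big",
        "machine": EM_NAMES.get(e_machine, f"unknown({e_machine})"),
        "e_type": e_type,  # 2 = ET_EXEC, 3 = ET_DYN
    }


def sandbox_image_for(info: dict) -> str:
    """Pick the image family for the sample. The big-endian MIPS mapping is the
    one this report shows; the little-endian name is an assumption."""
    if info["machine"] == "mips":
        return "debian9-mipsbe" if info["endian"] == "big" else "debian9-mipsel"
    raise ValueError(f"no image mapping for {info['machine']}")


def verify_digests(data: bytes, expected=REPORT_DIGESTS) -> dict:
    """Compare each digest of data with the report's value; returns {algo: bool}."""
    return {algo: hashlib.new(algo, data).hexdigest() == value
            for algo, value in expected.items()}


def constructed_mips_header() -> bytes:
    """Constructed 20-byte prefix of an ELF32 big-endian MIPS executable (not
    bytes from the real sample): magic, EI_CLASS=1, EI_DATA=2, EI_VERSION=1,
    EI_OSABI=0, 8 bytes of padding, e_type=2 (ET_EXEC), e_machine=8 (EM_MIPS)."""
    return b"\x7fELF\x01\x02\x01\x00" + bytes(8) + struct.pack(">HH", 2, 8)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else constructed_mips_header()
    info = elf_identify(blob)
    print(info, sandbox_image_for(info))
    print(verify_digests(blob))
```

Run it with the sample path as the only argument; every entry of the digest dictionary should come back True, and the identity should read 32-bit, big-endian, mips. A mismatch on any digest means the file on disk is not the one this report describes.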
Malware Config
Signatures
- Contacts a large number (44792) of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large number of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
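The two signatures above fire on volume alone: 44792 distinct hosts inside 152 s of network time is far beyond anything a legitimate client does. The same property is easy to detect on a flow export or packet capture without signatures for the bot itself. The following is an added example (not tria.ge's signature logic): it counts, per source, how many distinct destination hosts receive a bare SYN within a sliding window and flags sources that touch many hosts on very few ports, the shape of a Mirai-style telnet scanner. The thresholds are assumptions chosen for illustration, and the flow records in `constructed_flows()` are constructed, not taken from this run.

```python
from collections import defaultdict

# Illustrative thresholds (assumptions, not tria.ge's own rules).
HOST_THRESHOLD = 200      # distinct destination hosts from one source within the window
WINDOW_SECONDS = 60.0
MAX_PORT_SPREAD = 4       # scanners hit a few ports on many hosts; clients do the opposite


def flag_scanners(flows, host_threshold=HOST_THRESHOLD, window=WINDOW_SECONDS,
                  max_port_spread=MAX_PORT_SPREAD):
    """flows: iterable of (ts, src, dst, dport, tcp_flags) in ascending ts order.
    Returns {src: (distinct_hosts, sorted_ports)} for sources that look like scanners."""
    attempts = defaultdict(list)                 # src -> [(ts, dst, dport)]
    for ts, src, dst, dport, flags in flows:
        if "S" in flags and "A" not in flags:    # bare SYN = a connection attempt
            attempts[src].append((ts, dst, dport))

    verdicts = {}
    for src, events in attempts.items():
        best = None
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                       # slide the window forward
            win = events[start:end + 1]
            hosts = {d for _, d, _ in win}
            ports = {p for _, _, p in win}
            if len(hosts) >= host_threshold and len(ports) <= max_port_spread:
                if best is None or len(hosts) > best[0]:
                    best = (len(hosts), sorted(ports))
        if best is not None:
            verdicts[src] = best
    return verdicts


def constructed_flows():
    """Constructed flow records, not the report's capture: one Mirai-style scanner
    sending a SYN to 300 distinct hosts on 23/2323 in 30 s, plus a normal client
    that talks to three hosts on DNS, HTTPS and SSH."""
    flows = []
    for i in range(300):
        dst = f"100.64.{i // 256}.{i % 256}"
        flows.append((i * 0.1, "10.0.0.5", dst, 2323 if i % 10 == 0 else 23, "S"))
    client = [("10.0.0.1", 53), ("151.101.1.69", 443), ("10.0.0.1", 53),
              ("192.0.2.10", 22), ("151.101.1.69", 443)]
    for i, (dst, port) in enumerate(client):
        flows.append((float(i), "10.0.0.7", dst, port, "S"))
    flows.sort(key=lambda f: f[0])
    return flows


if __name__ == "__main__":
    for src, (n, ports) in flag_scanners(constructed_flows()).items():
        print(f"{src}: {n} distinct hosts on ports {ports}")
```

Restricting the count to bare SYNs matters: a busy web client produces many flows but to a handful of hosts with replies, while the scanner produces one unanswered SYN per host. The port-spread check keeps a single client enumerating ports on one server (a vulnerability scanner) from being confused with a bot enumerating hosts on one port.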
- Modifies the Watchdog daemon (1 TTP)
  Mirai-family malware disables the hardware watchdog so that it will not reboot the infected device while the bot keeps it busy: it opens /dev/watchdog (or /dev/misc/watchdog) and issues the WDIOC_SETOPTIONS ioctl with WDIOS_DISABLECARD. Writing the magic-close character "V" to the device before closing it disarms the watchdog in the same way.
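The watchdog signature keys on a very small syscall sequence, which makes it a good candidate for host-side detection from an strace or auditd trace. The script below is an added example, not tria.ge's detection code: it tracks file descriptors opened on the watchdog device nodes per pid and reports a WDIOC_SETOPTIONS ioctl or a magic-close write on such a descriptor. One caveat it handles explicitly: the ioctl request number is architecture-specific. On the generic Linux ABI WDIOC_SETOPTIONS encodes to 0x80045704, but MIPS (the platform of this run) uses a different _IOC layout and the kernel there expects 0x40045704; the Mirai source hardcodes the generic value, so a detector must match both. The trace lines in `constructed_trace()` are constructed, not taken from this run, and pids/addresses in them are invented.

```python
import re

WATCHDOG_NODES = ("/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog")


def ioc(direction, typ, nr, size, mips=False):
    """Linux _IOC() encoding. Generic ABI: dir in bits 30-31 (READ=2, WRITE=1),
    14-bit size at bit 16. MIPS: dir in bits 29-31 (READ=2, WRITE=4), 13-bit size."""
    shift = 29 if mips else 30
    return (direction << shift) | (size << 16) | (ord(typ) << 8) | nr


IOC_READ = 2                       # same numeric value under both encodings
WDIOC_SETOPTIONS = {ioc(IOC_READ, "W", 4, 4), ioc(IOC_READ, "W", 4, 4, mips=True)}
WDIOS_DISABLECARD = 0x0001         # the flag Mirai passes; not visible in an strace line

OPEN_RE = re.compile(r'^\[pid\s+(\d+)\]\s+open(?:at)?\((?:AT_FDCWD,\s*)?"([^"]+)"[^)]*\)\s*=\s*(\d+)')
IOCTL_RE = re.compile(r'^\[pid\s+(\d+)\]\s+ioctl\((\d+),\s*(0x[0-9a-fA-F]+|\w+)')
WRITE_RE = re.compile(r'^\[pid\s+(\d+)\]\s+write\((\d+),\s*"([^"]*)"')
CLOSE_RE = re.compile(r'^\[pid\s+(\d+)\]\s+close\((\d+)\)')


def find_watchdog_tampering(lines):
    """Return [(pid, device, technique)] for every disable attempt seen in the trace."""
    wd_fds = {}                    # (pid, fd) -> device path while the fd is open
    findings = []
    for line in lines:
        m = OPEN_RE.match(line)
        if m:
            pid, path, fd = m.group(1), m.group(2), int(m.group(3))
            if path in WATCHDOG_NODES:
                wd_fds[(pid, fd)] = path
            continue
        m = IOCTL_RE.match(line)
        if m:
            pid, fd, req = m.group(1), int(m.group(2)), m.group(3)
            if (pid, fd) in wd_fds:
                num = int(req, 16) if req.startswith("0x") else None
                if req == "WDIOC_SETOPTIONS" or num in WDIOC_SETOPTIONS:
                    findings.append((pid, wd_fds[(pid, fd)], "WDIOC_SETOPTIONS"))
            continue
        m = WRITE_RE.match(line)
        if m:
            pid, fd, payload = m.group(1), int(m.group(2)), m.group(3)
            # Any other byte is a keepalive; "V" is the magic close that disarms on close().
            if (pid, fd) in wd_fds and "V" in payload:
                findings.append((pid, wd_fds[(pid, fd)], "magic-close"))
            continue
        m = CLOSE_RE.match(line)
        if m:
            wd_fds.pop((m.group(1), int(m.group(2))), None)
    return findings


def constructed_trace():
    """Constructed strace -f style lines (not from this report). pid 345 behaves like
    Mirai (generic request first, then the MIPS encoding), pid 120 uses magic close,
    pid 99 is a legitimate watchdog daemon, pid 200 sends the request to the wrong fd."""
    return [
        '[pid   345] open("/dev/watchdog", O_RDWR) = 3',
        '[pid   345] ioctl(3, 0x80045704, 0x7fff0a10) = -1 ENOTTY (Inappropriate ioctl for device)',
        '[pid   345] close(3) = 0',
        '[pid   345] open("/dev/misc/watchdog", O_RDWR) = 3',
        '[pid   345] ioctl(3, 0x40045704, 0x7fff0a10) = 0',
        '[pid   345] close(3) = 0',
        '[pid   120] open("/dev/watchdog", O_WRONLY) = 4',
        '[pid   120] write(4, "\\0", 1) = 1',
        '[pid   120] write(4, "V", 1) = 1',
        '[pid   120] close(4) = 0',
        '[pid    99] open("/dev/watchdog0", O_WRONLY) = 5',
        '[pid    99] write(5, "\\0", 1) = 1',
        '[pid    99] ioctl(5, 0x80045705, 0x7fff0b00) = 0',
        '[pid   200] open("/dev/null", O_RDWR) = 6',
        '[pid   200] ioctl(6, 0x80045704, 0x7fff0c00) = -1 ENOTTY (Inappropriate ioctl for device)',
    ]


if __name__ == "__main__":
    for pid, dev, how in find_watchdog_tampering(constructed_trace()):
        print(f"pid {pid}: watchdog disable via {how} on {dev}")
```

The keepalive ioctl in pid 99 (0x80045705, WDIOC_KEEPALIVE) is deliberately left unflagged: a real watchdog daemon opens the same device and pets it, so the detector must key on the disable request, not on access to the node. On a sandbox that runs the sample under strace this is all that is needed; on production devices the equivalent events come from auditd rules on the device path.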
- Reads runtime system information (64 IoCs)
  Reads data from the /proc virtual filesystem. The report repeats each path in its description and ioc columns; the 64 distinct paths are /proc/<pid>/cmdline for the following pids:
  291, 15, 18, 78, 216, 290, 280, 347, 6, 23, 36, 114, 273, 351, 354, 4, 9, 10, 24, 341, 344, 74, 115, 138, 281, 334, 325, 345, 348, 330, 331, 337,
  3, 204, 212, 214, 217, 350, 358, 335, 338, 339, 17, 21, 76, 83, 103, 355, 7, 14, 336, 349, 5, 81, 213, 249, 346, 356, 16, 70, 242, 342, 343, 37
  Reading the command line of every running process is consistent with the process-killer routine of Mirai-family bots, which enumerates /proc to find competing malware and exposed services to terminate.
- Writes file to tmp directory (1 IoC)
  Malware often drops required files in the /tmp directory.
  description: /tmp/bok.mips.elf | ioc: /tmp/bok.mips.elf | Process: bok.mips.elf