Analysis
max time kernel
150s
max time network
153s
platform
debian-9_armhf
resource
debian9-armhf-20221111-en
resource tags
arch:armhf image:debian9-armhf-20221111-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted
18/04/2023, 12:45
Behavioral task
behavioral1
Sample
fedd7b9e3fb66cd8a521a5e1916696ae.elf
Resource
debian9-armhf-20221111-en
General
Target
fedd7b9e3fb66cd8a521a5e1916696ae.elf
Size
104KB
MD5
fedd7b9e3fb66cd8a521a5e1916696ae
SHA1
8d74dc8783724da05a20135c7225d12c68dbb2aa
SHA256
90afe1dbb17c11ff9bc870842bcda7d9829a996b4f40de6a40e1235ce9d15fba
SHA512
ce03cc85fb2c31c130212e9c37f64d4086a59a31ee72bb2076b0c37ec1f5d44a2842067dbcdca8dbe4d8c5c1412bf4177f8c6d4ef8f7f946cd9ca1b57de92411
SSDEEP
3072:olhUX+jP9NWjVzH4hh+d2TBvMt9M/9QhMeF:oUujPWjVzH0hPvMXM/9QhMeF
Malware Config
Signatures
Modifies the Watchdog daemon (1 TTP)
Malware such as Mirai disables the watchdog timer so that it cannot reboot an infected device that hangs or stops responding. Mirai does this by opening /dev/watchdog (or /dev/misc/watchdog) and issuing WDIOC_SETOPTIONS with WDIOS_DISABLECARD; because these infections usually live only in memory, a watchdog-triggered reboot would otherwise remove the bot.
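An added example, not tria.ge code and not taken from the sample: a checker that flags the watchdog-disable pattern in strace-style output. It tracks which file descriptors refer to a watchdog device, decodes the raw ioctl request number with the kernel's _IOC field layout instead of matching a magic constant, and also catches the magic-close write of "V". The trace lines are constructed; the way strace prints a dereferenced ioctl argument as "[...]" is assumed, and the function and finding names are this example's own.

```python
import re

# Device nodes Mirai-style bots try in turn (Linux watchdog ABI).
WATCHDOG_DEVICES = ("/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog")

# Linux ioctl request layout: dir[31:30] size[29:16] type[15:8] nr[7:0].
_IOC_READ = 2

def ioc(direction, typ, nr, size):
    """Build an ioctl request number the way the kernel's _IOC() macro does."""
    return (direction << 30) | (size << 16) | (ord(typ) << 8) | nr

def decode_ioctl(req):
    """Split a raw request number back into its fields."""
    return {"dir": (req >> 30) & 0x3, "size": (req >> 16) & 0x3FFF,
            "type": chr((req >> 8) & 0xFF), "nr": req & 0xFF}

WDIOC_SETOPTIONS = ioc(_IOC_READ, "W", 4, 4)  # _IOR('W', 4, int) == 0x80045704
WDIOS_DISABLECARD = 0x0001                    # "turn off the watchdog timer"
SYMBOLS = {"WDIOC_SETOPTIONS": WDIOC_SETOPTIONS, "WDIOS_DISABLECARD": WDIOS_DISABLECARD}

OPEN_RE = re.compile(r'^open(?:at)?\((?:AT_FDCWD, )?"([^"]+)".*\)\s*=\s*(\d+)')
IOCTL_RE = re.compile(r'^ioctl\((\d+), (\w+)(?:, (\[)?([^\])]*)\]?)?\)')
WRITE_RE = re.compile(r'^write\((\d+), "([^"]*)"')
CLOSE_RE = re.compile(r'^close\((\d+)\)')

def _value(tok):
    """Resolve a symbolic or numeric token; None if it is neither."""
    tok = tok.strip()
    if tok in SYMBOLS:
        return SYMBOLS[tok]
    try:
        return int(tok, 0)
    except ValueError:
        return None

def find_watchdog_tampering(trace_lines):
    """Return findings for opens, disable ioctls and magic-close writes on watchdog fds."""
    fd_path = {}          # fd -> watchdog device path currently open on it
    findings = []
    for line in trace_lines:
        line = line.strip()
        m = OPEN_RE.match(line)
        if m:
            path, fd = m.group(1), int(m.group(2))
            if path in WATCHDOG_DEVICES:
                fd_path[fd] = path
                findings.append({"kind": "watchdog_open", "path": path, "line": line})
            continue
        m = CLOSE_RE.match(line)
        if m:
            fd_path.pop(int(m.group(1)), None)
            continue
        m = IOCTL_RE.match(line)
        if m and int(m.group(1)) in fd_path:
            req = _value(m.group(2))
            if req == WDIOC_SETOPTIONS:
                # A bracketed argument is the dereferenced int; a bare 0x... is only a pointer,
                # so the option bits are unknown and the call is reported as SETOPTIONS only.
                arg = _value(m.group(4) or "") if m.group(3) else None
                kind = ("watchdog_disable" if arg is not None and arg & WDIOS_DISABLECARD
                        else "watchdog_setoptions")
                findings.append({"kind": kind, "path": fd_path[int(m.group(1))],
                                 "req": decode_ioctl(req), "arg": arg, "line": line})
            continue
        m = WRITE_RE.match(line)
        if m and int(m.group(1)) in fd_path and "V" in m.group(2):
            # 'V' is the magic-close character: the following close() stops the timer
            # on drivers that support WDIOF_MAGICCLOSE.
            findings.append({"kind": "watchdog_magic_close",
                             "path": fd_path[int(m.group(1))], "line": line})
    return findings

def disables_watchdog(findings):
    return any(f["kind"] in ("watchdog_disable", "watchdog_magic_close") for f in findings)

# Constructed strace-style trace (not output from the tria.ge run above).
SAMPLE_TRACE = """\
openat(AT_FDCWD, "/etc/hosts", O_RDONLY) = 3
close(3)                                = 0
open("/dev/watchdog", O_RDWR)           = 3
ioctl(3, 0x80045704, [0x1])             = 0
close(3)                                = 0
openat(AT_FDCWD, "/dev/misc/watchdog", O_RDWR) = 3
write(3, "V", 1)                        = 1
close(3)                                = 0
ioctl(4, TCGETS, 0xbeffe000)            = -1 ENOTTY (Inappropriate ioctl for device)
"""

if __name__ == "__main__":
    for f in find_watchdog_tampering(SAMPLE_TRACE.splitlines()):
        print(f["kind"], f["path"], "<-", f["line"])
```

Decoding the request number matters on ARM samples: the same WDIOC_SETOPTIONS value is used across architectures, but a checker that only greps for 0x80045704 misses a trace where strace already printed the symbolic name, and one that only matches the name misses a raw trace.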
Contacts a large number (1493) of remote hosts (1 TTP)
Connection attempts to this many distinct hosts during a 150-second sandbox run indicate scanning for remotely reachable services rather than legitimate traffic.
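An added example, not part of the report: a fan-out check over flow records that separates a scanning host from a merely chatty client by counting distinct destinations per time window and reporting how concentrated the traffic is on one destination port. The flow tuples are constructed (a scanner reaching 1493 addresses, matching the count above, mostly on TCP/23, and a client that keeps returning to five servers); the window and threshold values and the function names are this example's assumptions.

```python
import random
from collections import Counter, defaultdict
from ipaddress import IPv4Address

def build_sample_flows(seed=7):
    """Constructed flow records (ts, src, dst, dport): one scanner and one normal host."""
    rng = random.Random(seed)
    flows = []
    for i in range(1493):                       # one new destination every 100 ms
        dst = str(IPv4Address(rng.getrandbits(32)))
        dport = 23 if rng.random() < 0.9 else 2323
        flows.append((i * 0.1, "10.0.0.5", dst, dport))
    for i in range(200):                        # chatty but legitimate client
        dst = "93.184.216.%d" % (1 + i % 5)
        flows.append((i * 0.75, "10.0.0.9", dst, 443))
    return flows

def scan_fanout(flows, window=60.0, host_threshold=100):
    """Per source: distinct destination hosts overall and per window, plus port concentration."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in flows:
        per_src[src].append((ts, dst, dport))
    report = {}
    for src, recs in per_src.items():
        recs.sort()
        buckets = defaultdict(set)              # window index -> destinations seen in it
        for ts, dst, _ in recs:
            buckets[int(ts // window)].add(dst)
        ports = Counter(dport for _, _, dport in recs)
        top_port, top_n = ports.most_common(1)[0]
        r = {
            "distinct_hosts": len({dst for _, dst, _ in recs}),
            "max_hosts_per_window": max(len(s) for s in buckets.values()),
            "top_port": top_port,
            "top_port_share": round(top_n / len(recs), 2),
        }
        # Many new hosts in a short window is the scan signal; a high share on one
        # port is context that tells an analyst which service is being probed.
        r["is_scan"] = r["max_hosts_per_window"] >= host_threshold
        report[src] = r
    return report

if __name__ == "__main__":
    for src, r in sorted(scan_fanout(build_sample_flows()).items()):
        print(src, r)
```

The per-window count is the part that generalises: total distinct hosts over a whole capture grows slowly for a legitimate client, while a scanner produces hundreds of new hosts per minute regardless of how long the capture is.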
Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem. Every IoC listed is the maps or cmdline entry of another process, which is the pattern of a process walk: the sample enumerates running processes and inspects their command lines and memory mappings, the approach Mirai-family bots use to find and kill competing bots.
ioc (the report's description and ioc columns both hold the path; each path is listed once here)
/proc/9/maps
/proc/12/cmdline
/proc/41/maps
/proc/144/maps
/proc/307/maps
/proc/363/maps
/proc/368/maps
/proc/3/maps
/proc/271/cmdline
/proc/390/maps
/proc/18/maps
/proc/103/cmdline
/proc/388/cmdline
/proc/350/maps
/proc/350/cmdline
/proc/386/maps
/proc/10/cmdline
/proc/5/cmdline
/proc/26/maps
/proc/26/cmdline
/proc/103/maps
/proc/307/cmdline
/proc/356/maps
/proc/356/cmdline
/proc/383/maps
/proc/15/maps
/proc/226/maps
/proc/348/cmdline
/proc/378/maps
/proc/380/maps
/proc/1/cmdline
/proc/6/maps
/proc/12/maps
/proc/18/cmdline
/proc/20/maps
/proc/22/maps
/proc/25/maps
/proc/165/maps
/proc/273/cmdline
/proc/11/cmdline
/proc/15/cmdline
/proc/20/cmdline
/proc/206/maps
/proc/223/cmdline
/proc/11/maps
/proc/2/maps
/proc/24/cmdline
/proc/134/maps
/proc/270/cmdline
/proc/273/maps
/proc/341/cmdline
/proc/374/maps
/proc/5/maps
/proc/29/maps
/proc/41/cmdline
/proc/42/cmdline
/proc/106/cmdline
/proc/140/cmdline
/proc/351/maps
/proc/373/maps
/proc/378/cmdline
/proc/16/maps
/proc/27/maps
/proc/43/cmdline
Writes file to tmp directory (1 IoC)
Malware commonly stages payloads and helper files in /tmp because it is world-writable, so no elevated privileges are needed. In this run the writing process is the sample itself and the written path carries the sample's own name; this entry alone cannot distinguish a self-copy from the sandbox placing the sample in /tmp before execution, so confirm it against the process tree and file-open order before reporting it as persistence behaviour.
ioc | process
/tmp/fedd7b9e3fb66cd8a521a5e1916696ae.elf | fedd7b9e3fb66cd8a521a5e1916696ae.elf
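An added example covering both the /proc reads and the /tmp write above, not part of the report: a triage pass over file events that turns a flat IoC list into findings. It counts how many foreign processes had their maps, cmdline or similar attributes read (ignoring /proc/self and the reader's own pid), and separates a write under /tmp whose file name equals the writing process's name from any other /tmp drop. The twelve /proc paths and the /tmp path are taken from this report's IoC lists; the sshd control events, the (op, path, process) tuple shape, the attribute set and the pid threshold are this example's assumptions.

```python
import re
from collections import defaultdict
from posixpath import basename

PROC_RE = re.compile(r"^/proc/(self|\d+)/([^/]+)$")

# Attributes a bot reads to fingerprint other processes (name, binary, mapped libraries).
ENUM_ATTRS = {"maps", "cmdline", "exe", "status", "comm"}

def triage_file_events(events, self_pid=None, pid_threshold=10):
    """events: iterable of (op, path, process) with op in {"read", "write"}."""
    foreign_pids = defaultdict(set)   # process -> pids whose attributes it read
    attrs_read = defaultdict(set)
    tmp_writes = defaultdict(set)
    for op, path, process in events:
        m = PROC_RE.match(path)
        if op == "read" and m:
            pid, attr = m.groups()
            # Reads of a process's own entries are routine; other pids are the signal.
            if attr in ENUM_ATTRS and pid != "self" and pid != str(self_pid):
                foreign_pids[process].add(int(pid))
                attrs_read[process].add(attr)
        elif op == "write" and path.startswith("/tmp/"):
            tmp_writes[process].add(path)
    findings = []
    for process, pids in foreign_pids.items():
        if len(pids) >= pid_threshold:
            findings.append({"kind": "proc_enumeration", "process": process,
                             "pids": len(pids), "attrs": sorted(attrs_read[process]),
                             "lowest_pid": min(pids)})   # 1 means the walk started at init
    for process, paths in tmp_writes.items():
        for path in sorted(paths):
            # A /tmp file carrying the writer's own name is either a self-copy or the
            # sandbox's staging of the sample; the analyst resolves that from the process tree.
            kind = "tmp_self_copy" if basename(path) == process else "tmp_drop"
            findings.append({"kind": kind, "process": process, "path": path})
    return findings

SAMPLE = "fedd7b9e3fb66cd8a521a5e1916696ae.elf"
REPORT_PATHS = [                       # subset of the 64 /proc IoCs in this report
    "/proc/1/cmdline", "/proc/2/maps", "/proc/3/maps", "/proc/5/cmdline",
    "/proc/9/maps", "/proc/12/cmdline", "/proc/41/maps", "/proc/103/cmdline",
    "/proc/144/maps", "/proc/271/cmdline", "/proc/350/maps", "/proc/390/maps",
]
SAMPLE_EVENTS = [("read", p, SAMPLE) for p in REPORT_PATHS] + [
    ("write", "/tmp/" + SAMPLE, SAMPLE),        # the report's single /tmp IoC
    ("read", "/proc/self/maps", "sshd"),        # constructed benign control process
    ("read", "/proc/meminfo", "sshd"),
    ("read", "/proc/400/cmdline", "sshd"),
]

if __name__ == "__main__":
    for f in triage_file_events(SAMPLE_EVENTS):
        print(f)
```

Running the full 64-entry list from the report through the same function gives a pid count of 64 distinct paths over 49 distinct pids spanning 1 to 390, which is what a walk of the whole process table looks like on a small sandbox VM.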