Resubmissions
30/06/2023, 13:02  230630-p9sm8sch54  10
30/06/2023, 13:01  230630-p9agnach53  10
03/06/2023, 13:11  230603-qeyfnsgg87  10
03/06/2023, 11:04  230603-m59d3sgh6y  10

Analysis
max time kernel: 152s
max time network: 148s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20221111-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20221111-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 03/06/2023, 11:04
Behavioral task: behavioral1
Sample: x86.elf
Resource: ubuntu1804-amd64-20221111-en
General
Target: x86.elf
Size: 62KB
MD5: 6d408f7b4024fbc36d46750929dfaa73
SHA1: deda79e105655a636775baa693b29662c4f013af
SHA256: 8f5d60f0e71b599b733a27d5a5ba0ff91206f3e75eba8bd385ab825e714e7958
SHA512: eaeb3d9a94e9d6fdd57a0a1ca5cc3c33f4780a0eb60ff16d61dda6da29ffdecdb1ccb80b3b3368cb53ebbb6b63dc993d41055f47047a39364a05b733ee210cd5
SSDEEP: 1536:dafqyXRXIa1/S663fyQDY8LUFN/s1VFmf2OixBrG:dO1XRXI+P6vyuY8LU7/sRk2+
Malware Config
Signatures
Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself.
description: Changes the process name, possibly in an attempt to hide itself
ioc: /bin/ifconfig
pid: 599
Process: x86.elf
Enumerates running processes
Discovers information about currently running processes on the system
Reads runtime system information (64 IoCs)
Reads data from the /proc virtual filesystem.
Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
description: File opened for modification
ioc: /tmp/bin/ifconfig
Process: sh
Processes
/tmp/x86.elf  /tmp/x86.elf  PID:599
  Signature: Changes its process name
  /bin/sh  sh -c "rm -rf bin/ifconfig && mkdir bin; >bin/ifconfig && mv /tmp/x86.elf bin/ifconfig; chmod 777 bin/ifconfig"  PID:600
    Signature: Writes file to tmp directory
    /bin/rm  rm -rf bin/ifconfig  PID:601
    /bin/mkdir  mkdir bin  PID:602
      Signature: Reads runtime system information
    /bin/mv  mv /tmp/x86.elf bin/ifconfig  PID:603
    /bin/chmod  chmod 777 bin/ifconfig  PID:604