General

  • Target

    ex.sh

  • Size

    33KB

  • Sample

    230605-zebfksbc9w

  • MD5

    64cee920fe0de7406b82e77d2a050643

  • SHA1

    4b9f0472a54a14fb88b67ce15d5771ee59c634eb

  • SHA256

    3859228f749da18c65d0dab3f5efa45485967db2751a5a5ca604d06e5ff0607b

  • SHA512

    5bfc29d014ed5746c015cf4e3695020e66192810227edfd589ab358022df0f8d25d24cd04aa3c3650f47fe6c8fcbe3a4bf05995f484fc8a259678755e8459320

  • SSDEEP

    384:aAC6+7pQwKL//OMHDf6jlpTWg3vMGQiirhv6R+wMeWGj4CC9vEKMvU/4Qdre21j/:S7LzQ5VFNcDAFLcIwgnoYq0xFBrHtguz

Targets

    • Target

      ex.sh

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU cryptocurrency miner; its presence in a dropped script is the core indicator of a cryptojacking payload.

    • Deletes system logs

      Deletes the log file that contains global system messages. Adversaries delete system logs to minimize their footprint and hinder forensic reconstruction.

    • Executes dropped EXE

    • Flushes firewall rules

      Flushes or disables firewall (netfilter) rules in the Linux kernel, removing any restrictions on the miner's outbound connections.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence or hide activity from user-space tooling.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem (clears the immutable flag, typically with chattr -i) so that files protected as immutable can be overwritten.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Disables AppArmor

      Disables AppArmor security module.

    • Enumerates running processes

      Discovers information about currently running processes on the system, commonly to kill competing miners or check whether its own payload is already running.

    • Reads CPU attributes
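
The signatures above describe behaviours that a sandbox observes at runtime, but most of them are also visible statically in a dropper shell script. The following is an added example, not tria.ge's detection code and not the analysed ex.sh: a small static triage pass that maps lines of a shell script onto the signature names used in this report. The regexes are assumptions about how each behaviour commonly appears on the command line, and the sample script is constructed for illustration.

```python
"""Static triage of a Linux shell script against the behaviours listed in the report.

Added example (not tria.ge's own ruleset). The patterns below are assumptions
about typical command-line forms of each behaviour; tune them for your corpus.
"""
import re

# Signature name (as used in the report) -> regexes that commonly indicate it.
SIGNATURES = {
    "xmrig": [r"\bxmrig\b", r"--donate-level", r"\bstratum\+tcp://"],
    "Deletes system logs": [
        r"\brm\b[^\n|;&]*\/var\/log\/(messages|syslog|secure|auth\.log)",
        r">\s*\/var\/log\/(messages|syslog)",
    ],
    "Flushes firewall rules": [
        r"\biptables\b.*\s-[FX]\b",
        r"\bufw\s+disable\b",
        r"\bnft\s+flush\s+ruleset\b",
    ],
    "Loads a kernel module": [r"\b(insmod|modprobe)\s+\S+"],
    # chattr -i clears the immutable flag; chattr +i (setting it) is deliberately not matched here.
    "Attempts to change immutable files": [r"\bchattr\b[^\n|;&]*\s-[a-z]*i"],
    "Creates/modifies Cron job": [
        r"\bcrontab\s+-",
        r"\/etc\/cron(\.d|\.hourly|\.daily|tab)\b",
        r"\/var\/spool\/cron\b",
    ],
    "Disables AppArmor": [
        r"\bsystemctl\s+(stop|disable)\s+apparmor\b",
        r"\bservice\s+apparmor\s+stop\b",
        r"\baa-teardown\b",
    ],
    "Enumerates running processes": [r"\bps\s+(-[a-zA-Z]+|aux|-ef)\b", r"\bpgrep\b", r"\/proc\/\d+\/"],
    "Reads CPU attributes": [r"\/proc\/cpuinfo\b", r"\bnproc\b", r"\blscpu\b"],
}

# Constructed sample script for illustration; this is NOT the ex.sh from the report.
SAMPLE_SCRIPT = r"""#!/bin/sh
chattr -i /etc/ld.so.preload
systemctl stop apparmor
iptables -F
ufw disable
insmod /tmp/.x/mod.ko
ps aux | grep -v grep | grep -c xmrig
nproc
grep -c processor /proc/cpuinfo
(crontab -l 2>/dev/null; echo "* * * * * /tmp/.x/run.sh") | crontab -
nohup /tmp/.x/xmrig --donate-level=1 >/dev/null 2>&1 &
rm -rf /var/log/syslog /var/log/messages
"""


def scan_script(script: str) -> dict:
    """Return {signature_name: ["<lineno>: <line>", ...]} for every signature that fires.

    Blank lines and comment lines (including the shebang) are skipped so that
    commented-out commands do not produce hits.
    """
    hits = {}
    for lineno, line in enumerate(script.splitlines(), 1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        for name, patterns in SIGNATURES.items():
            if any(re.search(pattern, stripped) for pattern in patterns):
                hits.setdefault(name, []).append(f"{lineno}: {stripped}")
    return hits


def triage_summary(script: str) -> list:
    """Sorted list of signature names that fired, for a quick verdict line."""
    return sorted(scan_script(script))


if __name__ == "__main__":
    for name, lines in scan_script(SAMPLE_SCRIPT).items():
        print(name)
        for entry in lines:
            print("   ", entry)
```

Running the block prints every signature from the report with the sample lines that triggered it; `triage_summary` gives the flat list of names for use in a verdict. Because matching is per line and skips comments, a dropper that builds commands from variables or base64-decodes a second stage will evade this pass, which is exactly why a runtime sandbox verdict like the one above is still needed.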
