Analysis
- max time kernel: 152s
- max time network: 154s
- platform: linux_amd64
- resource: ubuntu1804-amd64-en-20211208
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-en-20211208, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 06/06/2023, 06:35
General
- Target: xd.x86.elf
- Size: 29KB
- MD5: 27cdb18684ed957621948517c76d12b4
- SHA1: 6a1fa30eeb323c224128ad2d70051163349cea59
- SHA256: c978005c04128657771c35425d201cd7a1438b7a2e0ab4eb75a2bcc452e78e78
- SHA512: 0aeae8bd73b9ffab19e0b3221a828c604e4f6deb81cc6b7669a8f5f8823ece81e337199b2ebaf34e57740c3f92a90e6514cad498d8cebce7583f8f8550fed6e2
- SSDEEP: 768:UN8f6tfoQmQAXV7E1QDvjnVAiSZd8H0GuOZk3WHSwqM:IMJXFl7IQjU6uj6
Malware Config
Extracted
mirai
LZRD
Signatures
- Contacts a large (20130) amount of remote hosts (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTP)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTP, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.
  IoCs (description / ioc):
  - File opened for modification: /dev/watchdog
  - File opened for modification: /dev/misc/watchdog
- Enumerates active TCP sockets (1 TTP, 1 IoC)
  Gets active TCP sockets from the /proc virtual filesystem.
  IoCs (description / ioc):
  - File opened for reading: /proc/net/tcp
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system network configuration (1 TTP, 1 IoC)
  Uses the contents of the /proc filesystem to enumerate network settings.
  IoCs (description / ioc):
  - File opened for reading: /proc/net/tcp
- Reads runtime system information (35 IoCs)
  Reads data from the /proc virtual filesystem.