Analysis

  • max time kernel
    4s
  • max time network
    121s
  • platform
    linux_mips
  • resource
    debian9-mipsbe-en-20211208
  • resource tags
    arch:mips
    image:debian9-mipsbe-en-20211208
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    05/07/2023, 11:50

General

  • Target

    start.sh

  • Size

    1KB

  • MD5

    d94f826979b9c9f6fff5788e8b9d4425

  • SHA1

    0d2d9b9a71fdff445412c2197f7740414824ace3

  • SHA256

    5c2af09316a4a4a888f23cced4db98389c59547708c49b3d689c750327392ed6

  • SHA512

    26ac5d3ca7fd72b4ce028f568cac7e298ef9b399ae84aa36bb3271ad0127c8b86ee8f368d8d22f9d35e7949173577d799a9937aba1dcf7944a3051149f0ffd81

Score
6/10

Malware Config

Signatures

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Reads CPU attributes (1 TTP, 6 IoCs)

  • Reads runtime system information (64 IoCs)

    Reads data from the /proc virtual filesystem.

  • Writes file to tmp directory (1 IoC)

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/start.sh
    /tmp/start.sh
    1⤵
    PID:324
    • /bin/ps
      ps aux
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:325
    • /bin/grep
      grep -v grep
      2⤵
      PID:326
    • /bin/grep
      grep /tmp/kill.sh
      2⤵
      PID:327
    • /usr/bin/awk
      awk "{print \$2}"
      2⤵
      PID:328
    • /usr/bin/xargs
      xargs -i kill -9 "{}"
      2⤵
      PID:329
    • /usr/bin/pgrep
      pgrep -f "while true do.*killall.*kdevtmpfsi.*kinsing.*xmrig"
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:334
    • /usr/bin/xargs
      xargs -i kill -9 "{}"
      2⤵
      PID:335
    • /bin/ps
      ps aux
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:336
    • /usr/bin/awk
      awk "{if(\$3>40.0) print \$2}"
      2⤵
      PID:337
    • /bin/ps
      ps aux
      2⤵
      • Reads CPU attributes
      • Reads runtime system information
      PID:338
    • /bin/grep
      grep -v grep
      2⤵
      PID:339
    • /bin/grep
      grep tmp
      2⤵
      PID:340
    • /usr/bin/awk
      awk "{print \$2}"
      2⤵
      PID:341
    • /usr/bin/xargs
      xargs -i kill -9 "{}"
      2⤵
      PID:342
      • /usr/local/sbin/kill
        kill -9 9
        3⤵
        PID:343
      • /usr/local/bin/kill
        kill -9 9
        3⤵
        PID:343
      • /usr/sbin/kill
        kill -9 9
        3⤵
        PID:343
      • /usr/bin/kill
        kill -9 9
        3⤵
        PID:343
      • /sbin/kill
        kill -9 9
        3⤵
        PID:343
      • /bin/kill
        kill -9 9
        3⤵
        • Reads CPU attributes
        PID:343
      • /usr/local/sbin/kill
        kill -9 324
        3⤵
        PID:344
      • /usr/local/bin/kill
        kill -9 324
        3⤵
        PID:344
      • /usr/sbin/kill
        kill -9 324
        3⤵
        PID:344
      • /usr/bin/kill
        kill -9 324
        3⤵
        PID:344
      • /sbin/kill
        kill -9 324
        3⤵
        PID:344
      • /bin/kill
        kill -9 324
        3⤵
        • Reads CPU attributes
        PID:344
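The tree above is the footprint of a shell script that hunts and kills other processes: ps aux is piped through grep and awk into xargs kill -9, pgrep -f looks for the kdevtmpfsi, kinsing and xmrig names, and one awk filter selects ps rows whose %CPU column (field 3 of ps aux) exceeds 40. The last pipeline matches any command line containing tmp, which includes /tmp/start.sh itself, so the final child is kill -9 324, the PID of the script. The following Python is an added detection example, not tria.ge code and not the sample's script: its events are constructed from the PIDs and command lines shown above, and the rule names, the tmp/%CPU heuristics and the three-tactic threshold are assumptions made for this example.

```python
"""Detection example: flag a competitor-killing process chain.

Input is a list of execve-style events (pid, ppid, command line). EVENTS is
constructed from the sandbox tree for start.sh and is not real telemetry;
the rule names and the >= 3 tactic threshold are this example's assumptions.
"""
import re
import shlex

# Process names the script hunts with pgrep -f (copied from the tree above).
MINER_NAMES = ("kdevtmpfsi", "kinsing", "xmrig")

# Constructed from the report: (pid, ppid, command line).
EVENTS = [
    (324, 1, "/tmp/start.sh"),
    (325, 324, "ps aux"),
    (326, 324, "grep -v grep"),
    (327, 324, "grep /tmp/kill.sh"),
    (328, 324, 'awk "{print \\$2}"'),
    (329, 324, 'xargs -i kill -9 "{}"'),
    (334, 324, 'pgrep -f "while true do.*killall.*kdevtmpfsi.*kinsing.*xmrig"'),
    (335, 324, 'xargs -i kill -9 "{}"'),
    (336, 324, "ps aux"),
    (337, 324, 'awk "{if(\\$3>40.0) print \\$2}"'),
    (338, 324, "ps aux"),
    (339, 324, "grep -v grep"),
    (340, 324, "grep tmp"),
    (341, 324, 'awk "{print \\$2}"'),
    (342, 324, 'xargs -i kill -9 "{}"'),
    (343, 342, "kill -9 9"),
    (344, 342, "kill -9 324"),
]


def classify(cmdline):
    """Return the tactic one command line evidences, or None."""
    argv = shlex.split(cmdline)
    prog = argv[0].rsplit("/", 1)[-1]
    # The sandbox renders awk's "$" as "\$"; strip the escapes before matching.
    joined = " ".join(argv).replace("\\", "")
    if prog == "pgrep" and "-f" in argv and any(n in joined for n in MINER_NAMES):
        return "pgrep for known miner names"
    if prog == "xargs" and "kill" in argv and "-9" in argv:
        return "bulk SIGKILL through xargs"
    if prog == "awk" and re.search(r"\$3\s*>\s*\d", joined):
        return "selects ps rows by %CPU (field 3 of ps aux)"
    if prog == "grep" and "-v" not in argv and "tmp" in argv[-1]:
        return "selects processes running from tmp"
    return None


def self_kills(events):
    """(killer_pid, target_pid) pairs where a kill targets the killer's own lineage."""
    parent = {pid: ppid for pid, ppid, _ in events}
    hits = []
    for pid, _, cmdline in events:
        argv = shlex.split(cmdline)
        if argv[0].rsplit("/", 1)[-1] != "kill":
            continue
        targets = {int(a) for a in argv[1:] if a.isdigit()}
        lineage, cur = set(), pid
        while cur in parent:  # walk up until the root of the recorded tree
            lineage.add(cur)
            cur = parent[cur]
        hits.extend((pid, t) for t in sorted(targets & lineage))
    return hits


def analyze(events):
    """Summarise the chain: distinct tactics seen, self-kills, and a verdict."""
    tactics = []
    for _, _, cmdline in events:
        tag = classify(cmdline)
        if tag and tag not in tactics:
            tactics.append(tag)
    verdict = "process-killer" if len(tactics) >= 3 else "inconclusive"
    return {"tactics": tactics, "self_kills": self_kills(events), "verdict": verdict}


if __name__ == "__main__":
    report = analyze(EVENTS)
    for tactic in report["tactics"]:
        print("tactic:", tactic)
    for killer, target in report["self_kills"]:
        print(f"pid {killer} sent SIGKILL to its own ancestor pid {target}")
    print("verdict:", report["verdict"])
```

In production the events would come from auditd, eBPF or EDR execve telemetry rather than a hand-built list; the per-command rules are deliberately loose, and it is the combination (miner names, bulk SIGKILL, %CPU and tmp selection) that carries the verdict. The self_kills check is what explains why the tree ends at kill -9 324: the tmp filter has no exclusion for the script's own path.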

Network

MITRE ATT&CK Enterprise v6

Downloads