General
-
Target
i686-20230706-2014.elf
-
Size
85KB
-
Sample
230706-y1jteafc31
-
MD5
3a488d963fe17ea509a1be4eaf24a54c
-
SHA1
385ab8c607ce2c2f98d505d58fce30f3705643b0
-
SHA256
d09c826922f1d1763cb4d8d0bca8f49c21ff07b0dbbcd3dab3f48a8bc42efe97
-
SHA512
51c8173124d056d853e4e436e1fa3584cea9c494d8d8820a05b650c197438912bfd3caf6bbeb8046311d17ba2635f888b34f4b82c365f1a3fa022999da2222b1
-
SSDEEP
1536:t3VCKU+t5pCW2B8hy0WnCtUY2dmA5KHoFv+nVj/5n3DZI3q0u:tBLt5pCW2B8ICtV2dB5UEE/53DZ8q0u
Static task
static1
Behavioral task
behavioral1
Sample
i686-20230706-2014.elf
Resource
ubuntu1804-amd64-en-20211208
Malware Config
Targets
-
Score
9/10
-
Contacts a large (275901) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Modifies password files for system users/groups
Modifies files storing password hashes of existing users/groups, likely to grant additional privileges.
-
Deletes itself
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.
-
Writes file to system bin folder
-
Modifies Bash startup script
-