General

  • Target

    i686-20230706-2014.elf

  • Size

    85KB

  • Sample

    230706-y1jteafc31

  • MD5

    3a488d963fe17ea509a1be4eaf24a54c

  • SHA1

    385ab8c607ce2c2f98d505d58fce30f3705643b0

  • SHA256

    d09c826922f1d1763cb4d8d0bca8f49c21ff07b0dbbcd3dab3f48a8bc42efe97

  • SHA512

    51c8173124d056d853e4e436e1fa3584cea9c494d8d8820a05b650c197438912bfd3caf6bbeb8046311d17ba2635f888b34f4b82c365f1a3fa022999da2222b1

  • SSDEEP

    1536:t3VCKU+t5pCW2B8hy0WnCtUY2dmA5KHoFv+nVj/5n3DZI3q0u:tBLt5pCW2B8ICtV2dB5UEE/53DZ8q0u

Malware Config

Targets

    • Target

      i686-20230706-2014.elf

    • Size

      85KB

    • MD5

      3a488d963fe17ea509a1be4eaf24a54c

    • SHA1

      385ab8c607ce2c2f98d505d58fce30f3705643b0

    • SHA256

      d09c826922f1d1763cb4d8d0bca8f49c21ff07b0dbbcd3dab3f48a8bc42efe97

    • SHA512

      51c8173124d056d853e4e436e1fa3584cea9c494d8d8820a05b650c197438912bfd3caf6bbeb8046311d17ba2635f888b34f4b82c365f1a3fa022999da2222b1

    • SSDEEP

      1536:t3VCKU+t5pCW2B8hy0WnCtUY2dmA5KHoFv+nVj/5n3DZI3q0u:tBLt5pCW2B8ICtV2dB5UEE/53DZ8q0u

    • Contacts a large (275901) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Modifies password files for system users/groups

      Modifies files storing password hashes of existing users/groups, likely to grant additional privileges.

    • Deletes itself

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Creates/modifies environment variables

      Creating/modifying environment variables is a common persistence mechanism.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies rc script

      Adding/modifying system rc scripts is a common persistence mechanism.

    • Writes file to system bin folder

    • Modifies Bash startup script

MITRE ATT&CK Enterprise v6