Analysis
- max time kernel: 150s
- max time network: 152s
- platform: debian-9_mipsel
- resource: debian9-mipsel-20221111-en
- resource tags: arch:mipsel, image:debian9-mipsel-20221111-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mipsel, system
- submitted: 21/08/2023, 05:32
Behavioral task: behavioral1
- Sample: bf23fbc3fb2294d577d408562d061d1d.elf
- Resource: debian9-mipsel-20221111-en
General
- Target: bf23fbc3fb2294d577d408562d061d1d.elf
- Size: 89KB
- MD5: bf23fbc3fb2294d577d408562d061d1d
- SHA1: ba622f06c935f9685a7cea5e456c5c3111636df0
- SHA256: 3a7739ddc9e0efc1391fabe38d8bc8ff221676628b678bba11345986d8a4f4c5
- SHA512: 07fc7769a281ba93fff0d5847d963d29391d711850fb0ebf74c80898b2cc6d5ddf4e6f526ef89ccdf4bc7ef821bdac97c6a4b3db9657edfc35e9ad970f46fb93
- SSDEEP: 1536:NYCYxrXP40ODyPwHRQ9PlzTRfyToNoZq/i:qCYxrKDy46N0
Malware Config
Signatures
- Contacts a large (20333) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description: File opened for modification; ioc: /dev/misc/watchdog
  description: File opened for modification; ioc: /dev/watchdog
- Enumerates active TCP sockets (1 TTPs, 1 IoCs)
  Gets active TCP sockets from /proc virtual filesystem.
  description: File opened for reading; ioc: /proc/net/tcp
- Reads system network configuration (1 TTPs, 1 IoCs)
  Uses contents of /proc filesystem to enumerate network settings.
  description: File opened for reading; ioc: /proc/net/tcp
- Reads runtime system information (23 IoCs)
  Reads data from /proc virtual filesystem.
  description: File opened for reading; ioc: /proc/207/fd, /proc/248/fd, /proc/277/fd, /proc/296/fd, /proc/331/exe, /proc/1/fd, /proc/217/fd, /proc/253/fd, /proc/282/fd, /proc/288/fd, /proc/325/fd, /proc/334/fd, /proc/247/fd, /proc/331/fd, /proc/333/fd, /proc/337/fd, /proc/141/fd, /proc/158/fd, /proc/216/fd, /proc/219/fd, /proc/228/fd, /proc/295/fd, /proc/336/fd