Analysis
max time kernel: 148s
max time network: 144s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20230831-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20230831-en, kernel:4.15.0-161-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 18/09/2023, 01:33
Behavioral task: behavioral1
Sample: 68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf
Resource: ubuntu1804-amd64-20230831-en
General
Target: 68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf
Size: 113KB
MD5: 36555ac6a89890b5fc6d1dfc654b1111
SHA1: b46f7130ba49ca18cf98432faf90a4e45e7ec89c
SHA256: 68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd
SHA512: f43fdf84784fd93e1c62adb3b0929c9c312b51b620312ad234c42d6ef4d94946861c5bde336fcf7e64bdde20fa50d40356b1e78351032ad50cc7c36810f6d62a
SSDEEP: 3072:kiry859a2ADJf9wHYqbgFFo8+HeA6+TRCm7FnVqfJXFWbNb:T9a2aLqkrM1sm7FnVqfJXFWbNb
Malware Config
Signatures
Changes its process name 1 IoCs
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /usr/sbin/dropbear | 603 | 68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc
File opened for modification | /dev/watchdog
File opened for modification | /dev/misc/watchdog
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/route | 68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/route | 68e2b5037fc0028c977a8d65cd42627fa7d52353371870239eec76f9a88b30dd.elf