Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Resubmissions
28/02/2024, 12:59 UTC
240228-p8k7rscb68 728/02/2024, 12:57 UTC
240228-p7bxpscb5x 320/09/2023, 08:57 UTC
230920-kw2xjafc6y 7Analysis
-
max time kernel
3s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20230831-en -
resource tags
-
submitted
20/09/2023, 08:57 UTC
General
-
Target
ezuri_bash
-
Size
3.2MB
-
MD5
faf3c04a044683fa3f7978f4bb1fc732
-
SHA1
9d23e1288db008c6f2f146ce26abf70b6fbda6f5
-
SHA256
80364381a30f8fd90b884eed07dacb5692d6b972487f62f483b44504b618dfe5
-
SHA512
100a6b04d98a9622296b6c91ab66f9b4a275891659becea273ba7639f8079d97d18874b7ee69d6c1103a083fa032efa03b917a429fd4e90b97a3d9379606ac0d
-
SSDEEP
49152:m2xGTg4WWggft6UwDp4TYRYd37JS+/OOg0HE+IONTNPz61YhBePAltOWeyaWZxDn:FY/C637J3Jg0HcYBPeqX5eyrZZRzB/Yc
Malware Config
Signatures
-
Runs EXE from memory 1 IoCs
Runs an executable from memory, likely to minimize footprint
-
Enumerates kernel/hardware configuration 1 TTPs 1 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
Processes
-
/tmp/ezuri_bash/tmp/ezuri_bash1⤵
- Enumerates kernel/hardware configuration
-
/proc/self/fd/304a484f27a4b485b28451923605d9b528453d6c098a5a5112bec859fb5f2eea91⤵
- Runs EXE from memory
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
1.1MB
MD57063c3930affe123baecd3b340f1ad2c
SHA141ba1bd49cb22466e422098d184bd4267ef9529e
SHA25604a484f27a4b485b28451923605d9b528453d6c098a5a5112bec859fb5f2eea9
SHA512b9bff09b39fbaa8db91d081b04993e93a4a76ab81c8450cf858f63809667e6b314e5fbb48e9d35df774ad091daf2caff03fafabf89bfe77ec1e8680f33306be1