General

  • Target

    cf7f60f766f1088de16ea59605c5abe8ff6f5c727c1aa34af946ba137eb486ad

  • Size

    2.9MB

  • Sample

    231011-d8sfascc73

  • MD5

    28a1fb890de1e539cda880c40f1029f9

  • SHA1

    3a830c127989d2fb9da573d52be9602ce205f0f7

  • SHA256

    cf7f60f766f1088de16ea59605c5abe8ff6f5c727c1aa34af946ba137eb486ad

  • SHA512

    baa4a6f3c92cbb47790f3f795b9c7044de78307acf1578ca375674a222a80affacb6054a16654b9382c6c8c25a589d8cc3e47a2756f8c8ea3e70457bd4d544bd

  • SSDEEP

    49152:5e1HQX/PD6fPvN8DroiJLj9PizFNP2XNC9DlyKtu0cMN8nQX0QcmJNzrDrY1IIGj:5eS/PyX2roiNj96juKhyKtVF8nS0fiND

Malware Config

Targets

    • Target

      named.1

    • Size

      18KB

    • MD5

      edef2cc0c07ee7bb07bec2dbe73b13a0

    • SHA1

      cd4a9987debc184e41d0f1944728c49fceafdd22

    • SHA256

      3876cd0db7b1d79c9710091ab61d4711323f25ab14c80ca38456e74a1fe3df0d

    • SHA512

      3e39b974c37ef8ded6465cc076d2244bb18261fa41c4607b1710c710652fd526a6f0e056d7cff3b65c62b06ca684052d0a26e16b15afc41bc7db77e816bd68a6

    • SSDEEP

      384:/rMKen0Xvn/3PHfXvn/3PHfayqC6pNiAKGDirAV2tEIjvm:I90Xvn/3PHfXvn/3PHfayqC6p2V82nje

    Score
    9/10
    • Modifies the dynamic linker configuration file

      Malware can modify the dynamic linker's configuration file (/etc/ld.so.preload) so that a malicious library is preloaded into every dynamically linked process that starts.

    • Flushes firewall rules

      Flushes or disables firewall rules in the Linux kernel (netfilter), e.g. via iptables or nft.

    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence or to hide activity from userland.

    • Attempts to change immutable files

      Modifies inode attributes on the filesystem (the immutable flag, as set with chattr) so that files marked immutable can be changed.

    • Enumerates running processes

      Discovers information about the processes currently running on the system.

    • Reads CPU attributes

    • Writes file to system bin folder
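The behaviours listed for named.1 above are the kind an analyst checks for on a possibly affected Linux host. The following script is an added example written for this page, not code from the sample or from tria.ge: it flags /etc/ld.so.preload entries outside the usual library directories, kernel modules missing from a baseline, and shell commands that flush firewall rules or toggle the immutable flag. The trusted library directories, the module baseline, and all sample inputs are assumptions constructed here so that it runs offline; on a live host pass it the real file contents instead.

```python
"""Host checks for the named.1 behaviours: /etc/ld.so.preload hijack,
immutable-flag changes, firewall flushes and kernel modules outside a
baseline. Added example, not code from the sample or from tria.ge.
All inputs below are constructed so the script runs offline."""
import re

# Directories where a legitimately preloaded library would normally live
# (assumption; adjust to the distribution you are checking).
TRUSTED_LIB_DIRS = ("/lib/", "/lib64/", "/usr/lib/", "/usr/lib64/")


def suspicious_preload_entries(preload_text):
    """Return entries of /etc/ld.so.preload that point outside TRUSTED_LIB_DIRS
    or into a hidden directory. The file is normally absent or empty, so any
    entry deserves a look; these are the ones to look at first."""
    findings = []
    for raw in preload_text.splitlines():
        entry = raw.split("#", 1)[0].strip()      # ld.so ignores comments
        if not entry:
            continue
        hidden = any(part.startswith(".") for part in entry.split("/") if part)
        if hidden or not entry.startswith(TRUSTED_LIB_DIRS):
            findings.append(entry)
    return findings


def unexpected_modules(proc_modules_text, baseline):
    """Compare module names in /proc/modules (first column) with a known-good
    baseline and return the extras, sorted."""
    loaded = {line.split()[0] for line in proc_modules_text.splitlines() if line.strip()}
    return sorted(loaded - set(baseline))


# iptables/ip6tables -F (flush) or nft flush ruleset; chattr with an 'i' flag.
FIREWALL_FLUSH = re.compile(r"\b(?:ip6?tables)\b.*\s-F\b|\bnft\s+flush\s+ruleset\b")
CHATTR_IMMUTABLE = re.compile(r"\bchattr\b.*\s[+-][a-zA-Z]*i")


def classify_commands(commands):
    """Tag shell command lines with the report's behaviour names."""
    tags = []
    for cmd in commands:
        if FIREWALL_FLUSH.search(cmd):
            tags.append(("Flushes firewall rules", cmd))
        if CHATTR_IMMUTABLE.search(cmd):
            tags.append(("Attempts to change immutable files", cmd))
    return tags


# Constructed inputs (not taken from the sample).
SAMPLE_PRELOAD = (
    "/lib/x86_64-linux-gnu/libfoo.so\n"
    "/usr/local/lib/libhide.so\n"
    "# comment\n"
    "/tmp/.x/libx.so\n"
)
SAMPLE_PROC_MODULES = (
    "ext4 905216 1 - Live 0x0000000000000000\n"
    "evil_mod 16384 0 - Live 0x0000000000000000 (OE)\n"
)
BASELINE_MODULES = {"ext4", "xfs", "nf_tables"}
SAMPLE_COMMANDS = [
    "iptables -F",
    "chattr -i /usr/bin/example",
    "ls -la /usr/bin",
    "nft flush ruleset",
]

if __name__ == "__main__":
    print("preload:", suspicious_preload_entries(SAMPLE_PRELOAD))
    print("modules:", unexpected_modules(SAMPLE_PROC_MODULES, BASELINE_MODULES))
    for tag, cmd in classify_commands(SAMPLE_COMMANDS):
        print(f"{tag}: {cmd}")
```

One caveat when running checks like these on a live host: a library injected through ld.so.preload is loaded into every dynamically linked tool you run, including cat, ls and lsmod, and can filter what they return. Read the files with a statically linked binary, or from a trusted boot medium, before trusting a clean result.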

    • Target

      names.1

    • Size

      6.6MB

    • MD5

      36b2fb7421b4415bd6bbac089d53d920

    • SHA1

      6000b336aee1597daadd22b3895fef158a0696ef

    • SHA256

      ddf26b7d856715d18fee4eb97fccc37056aa91e55f13795f1d3f15f47fd4cd5b

    • SHA512

      f23ecc79caa81a1ae6f46e7db01b94424b6f60e8775fed90cc08d59419e3aaea6c436efd7453b61c7fced9ad2dd5c03de01b34c1795eb41721921a2348d62319

    • SSDEEP

      98304:Ww8KkVc+dM/ukJz10lwhnSk7bNXIhu41PEfcy1voNVNadkSDjPEOsZlk6egJQ4/r:fkVc+M1H4ywD8TioVg

    Score
    7/10
    • Loads a kernel module

      Loads a Linux kernel module, potentially to achieve persistence or to hide activity from userland.

    • Checks CPU configuration

      Checks CPU information (e.g. the hypervisor flag in /proc/cpuinfo) that indicates whether the system is a virtual machine.

    • Checks hardware identifiers (DMI)

      Checks DMI information (e.g. vendor and product strings under /sys/class/dmi/id) that indicates whether the system is a virtual machine.

    • Reads CPU attributes

    • Reads hardware information

      Accesses system information such as serial numbers and manufacturer names.
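The CPU and DMI checks listed for names.1 are the usual way Linux malware decides whether it is running in a sandbox. The script below is an added example written for this page, not the sample's own code: it reproduces those two checks, the hypervisor flag in /proc/cpuinfo and known hypervisor strings in the DMI vendor and product fields, so that an analyst can see what a sandbox would have to spoof. The marker list and the sample cpuinfo and DMI contents are constructed assumptions; read_live_dmi reads the real sysfs fields when run on a Linux host.

```python
"""VM / sandbox checks implied by the names.1 behaviours (CPU flags, DMI
strings). Added example, not code from the sample or from tria.ge.
Sample inputs are constructed so the script runs offline."""
import os

# Substrings in DMI fields that name common hypervisors. Well-known values but
# not exhaustive (assumption). "Microsoft Corporation" alone is omitted on
# purpose: it is also the sys_vendor of physical Surface devices, so Hyper-V is
# matched on its product_name "Virtual Machine" instead.
VM_DMI_MARKERS = ("QEMU", "KVM", "VMware", "VirtualBox", "innotek GmbH",
                  "Xen", "Bochs", "Parallels", "Virtual Machine")

# Files under /sys/class/dmi/id that carry vendor/product strings.
DMI_FIELDS = ("sys_vendor", "product_name", "bios_vendor",
              "board_vendor", "chassis_vendor")


def cpuinfo_hypervisor_flag(cpuinfo_text):
    """True if a 'flags' line in /proc/cpuinfo content lists 'hypervisor'
    (CPUID leaf 1, ECX bit 31, which a hypervisor normally sets)."""
    for line in cpuinfo_text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() == "flags" and "hypervisor" in value.split():
            return True
    return False


def dmi_vm_indicators(dmi):
    """Return (field, value) pairs whose value contains a hypervisor marker.
    dmi maps a DMI field name to the file's content."""
    hits = []
    for field in DMI_FIELDS:
        value = dmi.get(field, "").strip()
        if any(marker.lower() in value.lower() for marker in VM_DMI_MARKERS):
            hits.append((field, value))
    return hits


def looks_like_vm(cpuinfo_text, dmi):
    """Combined verdict: either indicator is enough for a sample to bail out."""
    return cpuinfo_hypervisor_flag(cpuinfo_text) or bool(dmi_vm_indicators(dmi))


def read_live_dmi(base="/sys/class/dmi/id"):
    """Read the real DMI fields on a Linux host; unreadable fields are skipped
    (some need root, some are absent on non-x86 machines)."""
    dmi = {}
    for field in DMI_FIELDS:
        try:
            with open(os.path.join(base, field)) as fh:
                dmi[field] = fh.read()
        except OSError:
            pass
    return dmi


# Constructed inputs (not captured from the sample's sandbox run).
SAMPLE_CPUINFO_VM = (
    "processor\t: 0\n"
    "vendor_id\t: GenuineIntel\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca "
    "cmov pat pse36 clflush mmx fxsr sse sse2 syscall nx lm hypervisor lahf_lm\n"
)
SAMPLE_CPUINFO_BARE = (
    "processor\t: 0\n"
    "flags\t\t: fpu vme de pse tsc msr pae mce cx8 apic sep\n"
)
SAMPLE_DMI_VM = {"sys_vendor": "QEMU\n",
                 "product_name": "Standard PC (Q35 + ICH9, 2009)\n",
                 "bios_vendor": "SeaBIOS\n"}
SAMPLE_DMI_BARE = {"sys_vendor": "Example Computer Inc.\n",
                   "product_name": "Laptop 1234\n",
                   "bios_vendor": "Example BIOS\n"}

if __name__ == "__main__":
    print("constructed VM :", looks_like_vm(SAMPLE_CPUINFO_VM, SAMPLE_DMI_VM))
    print("constructed bare:", looks_like_vm(SAMPLE_CPUINFO_BARE, SAMPLE_DMI_BARE))
    if os.path.exists("/proc/cpuinfo"):
        with open("/proc/cpuinfo") as fh:
            print("this host       :", looks_like_vm(fh.read(), read_live_dmi()))
```

The two indicators fail independently: the hypervisor CPUID bit can be masked by the hypervisor configuration, while DMI strings have to be patched in the virtual firmware, so a sandbox that hides only one of them still gets detected by a sample that checks both, which is what the names.1 behaviour list suggests.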

MITRE ATT&CK Enterprise v15

Tasks