Analysis

  • max time kernel
    145s
  • max time network
    153s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20230831-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20230831-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    15/10/2023, 14:13

General

  • Target

    NEAS.14118093cf16f93a86ff29c5bce11f7ff7f9cc5c7ba20f12e6368c7075915668elf_JC.elf

  • Size

    86KB

  • MD5

    f621331783c1d2f65f2a42857fc4aea5

  • SHA1

    cb57892abea2dae13c5e18e715c9d60d298f02a3

  • SHA256

    14118093cf16f93a86ff29c5bce11f7ff7f9cc5c7ba20f12e6368c7075915668

  • SHA512

    30a6a12ead663f73ee96949ea422f29695ada81e12f2e019896c17f42c58f49f68eaa7bf6ff7493094c08edcc31dd014d199c8f164d846a5669c803d68161f96

  • SSDEEP

    1536:Y1n4c5QX0ZHQCO7WRWtn6oCpEXYgs0XI16EzTAelvyoNib6lathqZtY7C8c+P:uO7v0kXYgs0416ET46lathqzd8c+P

Score
7/10

Malware Config

Signatures

  • Flushes firewall rules (4 IoCs)

    Flushes/disables firewall rules inside the Linux kernel.

  • Modifies Watchdog functionality (1 TTP, 2 IoCs)

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Writes DNS configuration (1 TTP, 1 IoC)

    Writes data to the DNS resolver config file.

Processes

  • /tmp/NEAS.14118093cf16f93a86ff29c5bce11f7ff7f9cc5c7ba20f12e6368c7075915668elf_JC.elf
    /tmp/NEAS.14118093cf16f93a86ff29c5bce11f7ff7f9cc5c7ba20f12e6368c7075915668elf_JC.elf
    • Writes DNS configuration
    PID:372
  • /sbin/iptables
    iptables -P INPUT ACCEPT
    PID:375
  • /sbin/iptables
    iptables -P FORWARD ACCEPT
    PID:378
  • /sbin/iptables
    iptables -P OUTPUT ACCEPT
    PID:380
  • /sbin/iptables
    iptables -t nat -F
    • Flushes firewall rules
    PID:384
  • /sbin/iptables
    iptables -t mangle -F
    • Flushes firewall rules
    PID:391
  • /sbin/iptables
    iptables -F
    • Flushes firewall rules
    PID:394
  • /sbin/iptables
    iptables -X
    • Flushes firewall rules
    PID:395

Network

MITRE ATT&CK Enterprise v15
