
Analysis

  • max time kernel
    10s
  • max time network
    133s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231026-en
  • resource tags

    arch:amd64
    arch:i386
    image:ubuntu1804-amd64-20231026-en
    kernel:4.15.0-213-generic
    locale:en-us
    os:ubuntu-18.04-amd64
    system
  • submitted
    07/11/2023, 14:26

General

  • Target

    soldatserver

  • Size

    409KB

  • MD5

    72546a312bcff6a4d2780645ced77657

  • SHA1

    48a5ec7279c5941b9fef3ce970f3dac191d7d2b5

  • SHA256

    32619c97ae134343462191778ae1bcbc784183f1121080650e48432b99cbceaf

  • SHA512

    0e577dc333fe2bcdb75362ef87a574b86a6b101638129b8f08039ba37758b95701f36c233aa7083da696481d66244c988a72fe9f708ad42003d4e8fb6c96f21e

  • SSDEEP

    6144:XDA3gByd5Z4WxzQIbWeYXexkjYJtGnStdQiEUqHQitJZb0aXaV9W6pW1Coh:sMxWXbWqmEJtQStdQiArbcVNQ1C2

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/soldatserver
    /tmp/soldatserver
    • Reads runtime system information
    • Writes file to tmp directory
    PID:1540
  • /proc/1540/fd/3
    /tmp/soldatserver
    PID:1540
    • /tmp/upxD5GW1NIABQE
      /tmp/soldatserver
      • Executes dropped EXE
      PID:1540

Network

MITRE ATT&CK Matrix


Downloads

  • /tmp/upxD5GW1NIABQE

    Filesize

    959KB

    MD5

    84201d83d928ea1890b9185ca58719b9

    SHA1

    31045a324ce208c45811f33f43c65f857e79a2b0

    SHA256

    c4abdcdc0aa95fd5eb3c380dbef3c216a22e68f9060555a863f5986c6fb8fb36

    SHA512

    188d749ec220a7e88f004e9e17f1b8a4b5f68acdf75eec2330dd5fc8bce7d2df37c3d28cadcd8cb01d6f44b2734121bcfe2eb71e46277a258fc420a9c2c03c29