Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

10

shell-bot/22

ubuntu-18.04-amd64

7

shell-bot/a.out

ubuntu-18.04-amd64

1

shell-bot/cfs

ubuntu-18.04-amd64

7

shell-bot/cfs

debian-9-armhf

7

shell-bot/cfs

debian-9-mips

7

shell-bot/cfs

debian-9-mipsel

1

shell-bot/...SE.vbs

windows7-x64

1

shell-bot/...SE.vbs

windows10-2004-x64

1

shell-bot/...rt.vbs

windows7-x64

1

shell-bot/...rt.vbs

windows10-2004-x64

1

shell-bot/...es.vbs

windows7-x64

1

shell-bot/...es.vbs

windows10-2004-x64

1

shell-bot/...Config

ubuntu-18.04-amd64

3

shell-bot/...Config

debian-9-armhf

1

shell-bot/...Config

debian-9-mips

3

shell-bot/...Config

debian-9-mipsel

3

shell-bot/...t.so:.

ubuntu-18.04-amd64

1

shell-bot/...gen.sh

ubuntu-18.04-amd64

1

shell-bot/...gen.sh

debian-9-armhf

1

shell-bot/...gen.sh

debian-9-mips

1

shell-bot/...gen.sh

debian-9-mipsel

1

shell-bot/...ig.vbs

windows7-x64

1

shell-bot/...ig.vbs

windows10-2004-x64

1

shell-bot/...re.vbs

windows7-x64

1

shell-bot/...re.vbs

windows10-2004-x64

1

shell-bot/...ngelog

ubuntu-18.04-amd64

3

shell-bot/...ngelog

debian-9-armhf

1

shell-bot/...ngelog

debian-9-mips

shell-bot/...ngelog

debian-9-mipsel

1

shell-bot/...nstall

ubuntu-18.04-amd64

1

shell-bot/...nstall

debian-9-armhf

1

shell-bot/...nstall

debian-9-mips

1

Analysis

  • max time kernel
    7s
  • max time network
    134s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231026-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231026-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    14/11/2023, 07:28

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    shell-bot/ftp-server/Unreal3.2.10.2/Config

  • Size

    23KB

  • MD5

    256df7a3136d4d70424b554a45dd2e57

  • SHA1

    f98f5872f028a30cde9ec8c430dd18227951f3d4

  • SHA256

    bdde872ca15a023b0bfb60e8ab4b7932dbbbea07f2f8d511f68c342b8c9ef2ed

  • SHA512

    05aac0134dc25ac7acc18fe1c0709c341f4554e1687c5c82d2fa53d35cb49cef97235dfaebe9b4cd21e903c7b765bb58eecd04beb0dc1ae1804389cdb6949053

  • SSDEEP

    192:gPDKkNrINXIV5nWH9WxSp5dnn9256gKb/xgFSvbBvwnnJisMtp9J6bOIO1i+zivO:gPDKIkN4V5nemlJ2HJB1fUF4H

Score
3/10

Malware Config

Signatures

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/shell-bot/ftp-server/Unreal3.2.10.2/Config
    /tmp/shell-bot/ftp-server/Unreal3.2.10.2/Config
    1⤵
    • Writes file to tmp directory
    PID:1550
    • /usr/bin/clear
      clear
      2⤵
        PID:1555
      • /bin/more
        more .CHANGES.NEW
        2⤵
          PID:1556
        • /usr/bin/clear
          clear
          2⤵
            PID:1557
          • /bin/more
            more .RELEASE.NOTES
            2⤵
              PID:1558
            • /usr/bin/clear
              clear
              2⤵
                PID:1559
              • /bin/rm
                rm -f config.settings
                2⤵
                  PID:1560
                • /bin/cat
                  cat
                  2⤵
                    PID:1561
                  • /tmp/shell-bot/ftp-server/Unreal3.2.10.2/configure
                    ./configure --with-showlistmodes "--with-listen=5" "--with-dpath=/home/netcat/Unreal3.2.10.2" "--with-spath=/home/netcat/Unreal3.2.10.2/src/ircd" "--with-nick-history=2000" "--with-sendq=3000000" "--with-bufferpool=18" "--with-permissions=0600" "--with-fd-setsize=1024" --enable-dynamic-linking
                    2⤵
                      PID:1562

                  Network

                  MITRE ATT&CK Matrix

                  Replay Monitor

                  Loading Replay Monitor...

                  Downloads

                  • /tmp/shell-bot/ftp-server/Unreal3.2.10.2/config.settings
                    Filesize

                    481B

                    MD5

                    f745ec2d18867f6a562e14d95d000086

                    SHA1

                    95db9bbcccec141d5d538b2c9939d8f2d244c073

                    SHA256

                    349d4d1d30af56b48fc98c275ee5300a71135785855ea8cac4101a4220ba98ca

                    SHA512

                    b217c7163246b0c729785663d95b58245e8ec9e271c6dd8b1ded1fc3a341d58a7a73e7561a24ce8ae319546ed4c75969049a3145bb96d9e30dfc66bcf25863b9

                    Download Submit