General
Target: 03eece0ed7f82e1c3837a689fed92310
Size: 150KB
Sample: 231219-2as6yafadm
MD5: 03eece0ed7f82e1c3837a689fed92310
SHA1: cbc9ccfe037996e783195046572a14dd6da010d2
SHA256: 0e8edef1570f6580923358f110b48049402035b32e20b59895766d2727bbc961
SHA512: 7eec579f551fddcbe84345b002407047f0c9e1c12270b00af232caed3551eaa56cc4aaa892bc61a41536e7b7a1cf1675f4f361ea395c975ec5abc8d034d95768
SSDEEP: 3072:YfA8x4tQotpnpW4l5BLAgQkexp+5g9JUpjOhmN0sVhpzDkp0rN:OA7Ps4lDAgJI78t+mN0sVhpzDkp0rN
Behavioral task: behavioral1
Sample: 03eece0ed7f82e1c3837a689fed92310
Resource: ubuntu1804-amd64-20231215-en

Malware Config
Extracted family: gafgyt
C2: 127.0.0.1:7547
Score: 9/10

Signatures
- Contacts a large (9696) amount of remote hosts
  This may indicate a network scan to discover remotely running services.
- Changes its process name
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Creates a large amount of network flows
  This may indicate a network scan to discover remotely running services.
- Enumerates active TCP sockets
  Gets active TCP sockets from /proc virtual filesystem.
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Reads system routing table
  Gets active network interfaces from /proc virtual filesystem.