Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

General

  • Target

    060e6c1355f31fd4768b9c19aa66f18d

  • Size

    235KB

  • Sample

    231219-2blhgsaec7

  • MD5

    060e6c1355f31fd4768b9c19aa66f18d

  • SHA1

    e46d91d1b4969a3fc610563b1a636077169003d8

  • SHA256

    e4fe2403a9219697a38d98cef7ea15502cae486a1f9487709ffdf6cb97ef73c9

  • SHA512

    5945ef48cd0059f79bcb127cee994f76c0d93b5636cb1d4fa88ccb8cb67497febfbdbb205d33819d990b8cdc9e41ebbfd7a9af866af32e34c37ffecfa14d74f3

  • SSDEEP

    6144:Z2RXM2tRNa+VqIYd0thgUQbWkIM/95uQWm/5k4yFTbQWr:Z2R82tRNa+VqIYdJnRx/vuQWm/5k4UTR

Score
10/10

Malware Config

Extracted

Family

gafgyt

C2

127.0.0.1:80

Targets

    • Target

      060e6c1355f31fd4768b9c19aa66f18d

    • Size

      235KB

    • MD5

      060e6c1355f31fd4768b9c19aa66f18d

    • SHA1

      e46d91d1b4969a3fc610563b1a636077169003d8

    • SHA256

      e4fe2403a9219697a38d98cef7ea15502cae486a1f9487709ffdf6cb97ef73c9

    • SHA512

      5945ef48cd0059f79bcb127cee994f76c0d93b5636cb1d4fa88ccb8cb67497febfbdbb205d33819d990b8cdc9e41ebbfd7a9af866af32e34c37ffecfa14d74f3

    • SSDEEP

      6144:Z2RXM2tRNa+VqIYd0thgUQbWkIM/95uQWm/5k4yFTbQWr:Z2R82tRNa+VqIYdJnRx/vuQWm/5k4UTR

    Score
    9/10
    • Contacts a large (323755) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.

MITRE ATT&CK Enterprise v15

Tasks