General
-
Target
060e6c1355f31fd4768b9c19aa66f18d
-
Size
235KB
-
Sample
231219-2blhgsaec7
-
MD5
060e6c1355f31fd4768b9c19aa66f18d
-
SHA1
e46d91d1b4969a3fc610563b1a636077169003d8
-
SHA256
e4fe2403a9219697a38d98cef7ea15502cae486a1f9487709ffdf6cb97ef73c9
-
SHA512
5945ef48cd0059f79bcb127cee994f76c0d93b5636cb1d4fa88ccb8cb67497febfbdbb205d33819d990b8cdc9e41ebbfd7a9af866af32e34c37ffecfa14d74f3
-
SSDEEP
6144:Z2RXM2tRNa+VqIYd0thgUQbWkIM/95uQWm/5k4yFTbQWr:Z2R82tRNa+VqIYdJnRx/vuQWm/5k4UTR
Behavioral task
behavioral1
Sample
060e6c1355f31fd4768b9c19aa66f18d
Resource
debian9-armhf-20231215-en
Malware Config
Extracted
gafgyt
127.0.0.1:80
Targets
-
-
Target
060e6c1355f31fd4768b9c19aa66f18d
Score
9/10
-
Contacts a large (323755) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-