Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

ai.sh

ubuntu-18.04-amd64

7

ai.sh

debian-9-armhf

10

ai.sh

debian-9-mips

10

ai.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ai.sh

  • Size

    831B

  • Sample

    231220-fwy4esgdc2

  • MD5

    b1a64a7afeda8fc66076eae49bdb6267

  • SHA1

    0d840e800c0dac1d51f8a243056e94ed385c3a98

  • SHA256

    9d5036d204e6598fd4c4ac93688c9acdec3d6a1e4d14018ec16db955f3ee8b24

  • SHA512

    619c55b6f6d222c8a831a441205b75359976d9d80ba01734640d81b96a32e2b263448e16be8d3dad9afb1c78ebcd717cbc8dbefe134fc593f079a931140c67fa

Score
10/10
kaitenxmrigantivmbotnetlinuxminerpersistence

Malware Config

Targets

    • Target

      ai.sh

    • Size

      831B

    • MD5

      b1a64a7afeda8fc66076eae49bdb6267

    • SHA1

      0d840e800c0dac1d51f8a243056e94ed385c3a98

    • SHA256

      9d5036d204e6598fd4c4ac93688c9acdec3d6a1e4d14018ec16db955f3ee8b24

    • SHA512

      619c55b6f6d222c8a831a441205b75359976d9d80ba01734640d81b96a32e2b263448e16be8d3dad9afb1c78ebcd717cbc8dbefe134fc593f079a931140c67fa

    Score
    10/10
    antivmpersistencekaitenxmrigbotnetminer

    • Detects Kaiten/Tsunami Payload

    • Detects Kaiten/Tsunami payload

    • Kaiten/Tsunami

      Linux-based IoT botnet which is controlled through IRC and normally used to carry out DDoS attacks.

      botnetkaiten

    • XMRig Miner payload

      miner

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • Executes dropped EXE

    • Checks CPU configuration

      Checks CPU information which indicate if the system is a virtual machine.

      antivm

    • Checks hardware identifiers (DMI)

      Checks DMI information which indicate if the system is a virtual machine.

      antivm

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      persistence

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Reads CPU attributes

    • Reads hardware information

      Accesses system info like serial numbers, manufacturer names etc.

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks