General
-
Target
9ea571eae4e7531b2d6235bc6342e28e
-
Size
31KB
-
Sample
231220-lta7gagcdn
-
MD5
9ea571eae4e7531b2d6235bc6342e28e
-
SHA1
2d3e333d8f0beb549784c68c32cdc117e9b67838
-
SHA256
2d74ccb0ea0853e80b11a99c738e32d8a031a161fd73c7ecfd83ef324803f4a1
-
SHA512
6de50bbfce843ec44dda4d02087b963c644a51d613f968458c3346e521594c4dde2ea43e08ee00a09b0d59561ffed5c4de690486db372be6439184ae7deb49d7
-
SSDEEP
384:f6qBpsx9W82ArxSUFkk56WDWJ8opxowbOoN0B4GodzADf1Nul1eWsVDndL9ZRWGv:SqIx9aA9SUsWEpKwKoN0BuMDPySnWa
Malware Config
Extracted
mirai
RIFT
Targets
-
Target
9ea571eae4e7531b2d6235bc6342e28e
-
Contacts a large (23365) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Writes file to system bin folder