Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

.bash/autorun

ubuntu-18.04-amd64

6

.bash/autorun

debian-9-armhf

6

.bash/autorun

debian-9-mips

6

.bash/autorun

debian-9-mipsel

1

.bash/makesalt

ubuntu-18.04-amd64

.bash/ntpd

ubuntu-18.04-amd64

3

.bash/psybncchk

ubuntu-18.04-amd64

1

.bash/psybncchk

debian-9-armhf

1

.bash/psybncchk

debian-9-mips

1

.bash/psybncchk

debian-9-mipsel

1

.bash/run

ubuntu-18.04-amd64

1

.bash/run

debian-9-armhf

1

.bash/run

debian-9-mips

1

.bash/run

debian-9-mipsel

1

.bash/src/match.o

ubuntu-18.04-amd64

.bash/src/...fish.o

ubuntu-18.04-amd64

.bash/src/p_client.o

ubuntu-18.04-amd64

.bash/src/p_crypt.o

ubuntu-18.04-amd64

.bash/src/p_dcc.o

ubuntu-18.04-amd64

.bash/src/p_hash.o

ubuntu-18.04-amd64

.bash/src/p_idea.o

ubuntu-18.04-amd64

.bash/src/p_inifunc.o

ubuntu-18.04-amd64

.bash/src/p_intnet.o

ubuntu-18.04-amd64

.bash/src/p_link.o

ubuntu-18.04-amd64

.bash/src/p_log.o

ubuntu-18.04-amd64

.bash/src/p_memory.o

ubuntu-18.04-amd64

.bash/src/p_network.o

ubuntu-18.04-amd64

.bash/src/p_parse.o

ubuntu-18.04-amd64

.bash/src/p_peer.o

ubuntu-18.04-amd64

.bash/src/p_script.o

ubuntu-18.04-amd64

.bash/src/p_server.o

ubuntu-18.04-amd64

.bash/src/p_socket.o

ubuntu-18.04-amd64

Analysis

  • max time kernel
    2s
  • max time network
    128s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231222-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20231222-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    22/12/2023, 12:48

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    .bash/autorun

  • Size

    327B

  • MD5

    167f53692010bdbe9aff7f5d29930bdf

  • SHA1

    ea5c47baefd3bb65145bc14d191fb68f53d85e76

  • SHA256

    9b5fe82b07db25b24e75789fd760d1065ea0215410f12eaf06bcba433b0874c2

  • SHA512

    03e3eea8fa88b4f9994110cc5113b820579059042027f030b0966bf3f948c7b637985ed4bf8a43a3b9b4867f9e4c175b3910d01dd81df5cbd2ece65f9cb655a5

Score
6/10
persistence

Malware Config

Signatures

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.bash/autorun
    /tmp/.bash/autorun
    1⤵
    • Writes file to tmp directory
    PID:1598
    • /bin/cat
      cat mech.dir
      2⤵
        PID:1599
      • /usr/bin/crontab
        crontab cron.d
        2⤵
        • Creates/modifies Cron job
        PID:1600
      • /bin/grep
        grep update
        2⤵
          PID:1602
        • /usr/bin/crontab
          crontab -l
          2⤵
            PID:1601
          • /bin/chmod
            chmod u+x update
            2⤵
              PID:1603

          Network

          MITRE ATT&CK Enterprise v15

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • /var/spool/cron/crontabs/tmp.VQvz64
            Filesize

            224B

            MD5

            429bbaa10a9cc84c429a8e5f2bfb7ea4

            SHA1

            40bb81fcc58091cb059f2deaba7f94bef2faae24

            SHA256

            1314034d0a5bf83dfc040dbcf8788f74ccc31ef8644c4ccdcc7e5573c94fbe46

            SHA512

            57621b76cd393bf5df073ede3fe9ea51f564ff6fc45edb3d59bafdf39d928377b54744a285e4a862c18e78e3ebab426d719d176bb6eae109a12cfeca853be55d

            Download Submit