Analysis

  • max time kernel
    12s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20231215-en
  • resource tags

    arch:armhf
    image:debian9-armhf-20231215-en
    kernel:4.9.0-13-armmp-lpae
    locale:en-us
    os:debian-9-armhf
    system
  • submitted
    22/12/2023, 12:48

General

  • Target

    .bash/autorun

  • Size

    327B

  • MD5

    167f53692010bdbe9aff7f5d29930bdf

  • SHA1

    ea5c47baefd3bb65145bc14d191fb68f53d85e76

  • SHA256

    9b5fe82b07db25b24e75789fd760d1065ea0215410f12eaf06bcba433b0874c2

  • SHA512

    03e3eea8fa88b4f9994110cc5113b820579059042027f030b0966bf3f948c7b637985ed4bf8a43a3b9b4867f9e4c175b3910d01dd81df5cbd2ece65f9cb655a5

Score
6/10

Malware Config

Signatures

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.bash/autorun
    /tmp/.bash/autorun
    1⤵
    • Writes file to tmp directory
    PID:664
    • /bin/cat
      cat mech.dir
      2⤵
      PID:665
    • /usr/bin/crontab
      crontab cron.d
      2⤵
      • Creates/modifies Cron job
      • Reads runtime system information
      PID:667
    • /usr/bin/crontab
      crontab -l
      2⤵
      • Reads runtime system information
      PID:671
    • /bin/grep
      grep update
      2⤵
      PID:672
    • /bin/chmod
      chmod u+x update
      2⤵
      PID:675

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/spool/cron/crontabs/tmp.1NmClf

    Filesize

    224B

    MD5

    01c36288e4e4a67885046732244694ed

    SHA1

    3c116ad89b8a9a93e2eb98c69c46e2166a64abec

    SHA256

    c4743d2bff3ce338769443a67bddabd84b20cc75bff8cbf153e1a788ef986fc8

    SHA512

    82ba0ecfe57c0fe7b0bd2abe1f39f3189ac831ee07c37be228f74981aa3fc6d6b771672d02d5473af59d237120a8dac782b77d99bff3c4e3611f2402be21fcce