
Analysis

  • max time kernel
    9s
  • platform
    debian-9_mips
  • resource
    debian9-mipsbe-20231215-en
  • resource tags

    arch:mips
    image:debian9-mipsbe-20231215-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mips
    system
  • submitted
    22/12/2023, 12:48

General

  • Target

    .bash/autorun

  • Size

    327B

  • MD5

    167f53692010bdbe9aff7f5d29930bdf

  • SHA1

    ea5c47baefd3bb65145bc14d191fb68f53d85e76

  • SHA256

    9b5fe82b07db25b24e75789fd760d1065ea0215410f12eaf06bcba433b0874c2

  • SHA512

    03e3eea8fa88b4f9994110cc5113b820579059042027f030b0966bf3f948c7b637985ed4bf8a43a3b9b4867f9e4c175b3910d01dd81df5cbd2ece65f9cb655a5

Score
6/10

Malware Config

Signatures

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Reads runtime system information 2 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/.bash/autorun
    /tmp/.bash/autorun
    1⤵
    • Writes file to tmp directory
    PID:715
    • /bin/cat
      cat mech.dir
      2⤵
      PID:717
    • /usr/bin/crontab
      crontab cron.d
      2⤵
      • Creates/modifies Cron job
      • Reads runtime system information
      PID:718
    • /bin/grep
      grep update
      2⤵
      PID:723
    • /usr/bin/crontab
      crontab -l
      2⤵
      • Reads runtime system information
      PID:722
    • /bin/chmod
      chmod u+x update
      2⤵
      PID:724

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /var/spool/cron/crontabs/tmp.7kP9Db

    Filesize

    224B

    MD5

    2d818c4d6568efaa1535e53398c96c78

    SHA1

    a2b5efe0e94509dab475176a53080a583a4f3a27

    SHA256

    945b11a80a8b1241f472d4d3758c66334ab37808ffcbf306f42997392a3389b9

    SHA512

    d3324592a616e8b26b806ba841126b85358ff559efa2df3444a3275227f01df0b29256a57c058895e6de150a83605c3a23d76faf8195c91259e59b690824e72f