Analysis
max time kernel: 149s
max time network: 129s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20231222-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231222-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 26/12/2023, 12:22
Behavioral task: behavioral1
Sample: 6e2c640e5ac79fd488978f53fd7b1047
Resource: ubuntu1804-amd64-20231222-en
General
Target: 6e2c640e5ac79fd488978f53fd7b1047
Size: 8.2MB
MD5: 6e2c640e5ac79fd488978f53fd7b1047
SHA1: 7ca2962f444b7e7d3b7278ad9ce74c330e676476
SHA256: 38ff3f5d90629fa2150f08166149f16756adbcd42c9c5bcd2dcec0db773b0a18
SHA512: ef0fbd7581db6bc51821cf03fee7ff7ebf34eff51d9f871651bb2bfa20fee405ce5c01ce1ac8cc35d52cf915934f01cfdee02be2e497de7bf8e16d565fd4f09f
SSDEEP: 98304:8bQUVZFz/Mg7nht3QFL9eKyBx1y8eiUlOX:InFTMyn/3QkWl
Malware Config
Signatures

Checks CPU configuration (1 TTPs, 2 IoCs)
Checks CPU information which indicates whether the system is a virtual machine.
    File opened for reading: /proc/cpuinfo (process: cat)
    File opened for reading: /proc/cpuinfo (process: cat)

Creates/modifies Cron job (1 TTPs, 1 IoCs)
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
    File opened for modification: /var/spool/cron/crontabs/tmp.oF2rc0 (process: crontab)

Reads runtime system information (4 IoCs)
Reads data from the /proc virtual filesystem.
    File opened for reading: /proc/version (process: cat)
    File opened for reading: /proc/sys/net/core/somaxconn (process: 6e2c640e5ac79fd488978f53fd7b1047)
    File opened for reading: /proc/version (process: cat)
    File opened for reading: /proc/sys/net/core/somaxconn (process: 6e2c640e5ac79fd488978f53fd7b1047)

Writes file to tmp directory (3 IoCs)
Malware often drops required files in the /tmp directory.
    File opened for modification: /tmp/[stealth].pid
    File opened for modification: /tmp/.pid
    File opened for modification: /tmp/nip9iNeiph5chee
Processes
(image path: command line (PID) [matched signatures]; child processes are indented under their parent)

/tmp/6e2c640e5ac79fd488978f53fd7b1047: /tmp/6e2c640e5ac79fd488978f53fd7b1047 (PID 1610) [Reads runtime system information]
    /bin/cat: cat /proc/version (PID 1614) [Reads runtime system information]
/bin/cat: cat /proc/cpuinfo (PID 1615) [Checks CPU configuration]
/bin/uname: uname -a (PID 1617)
/usr/bin/getconf: getconf LONG_BIT (PID 1621)
/tmp/6e2c640e5ac79fd488978f53fd7b1047: "[stealth]" (PID 1622) [Reads runtime system information]
    /bin/cat: cat /proc/version (PID 1626) [Reads runtime system information]
/bin/cat: cat /proc/cpuinfo (PID 1627) [Checks CPU configuration]
/bin/uname: uname -a (PID 1628)
/usr/bin/getconf: getconf LONG_BIT (PID 1629)
/usr/bin/crontab: /usr/bin/crontab /tmp/nip9iNeiph5chee (PID 1630) [Creates/modifies Cron job]
Network
MITRE ATT&CK Enterprise v15
Downloads