Analysis
max time kernel: 151s
max time network: 10s
platform: debian-9_armhf
resource: debian9-armhf-20231215-en
resource tags: arch:armhf, image:debian9-armhf-20231215-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 12/02/2024, 03:44
Behavioral task
behavioral1
Sample: 2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84.elf
Resource: debian9-armhf-20231215-en
General
Target: 2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84.elf
Size: 126KB
MD5: 28ec7b62f2c47abb516aa702264173de
SHA1: bec3a7869fb7eb04653e10004684260991c72460
SHA256: 2f04c29cc8660d32e77fedbde21e9b2c3399c8dd80e66b74c0a7f05b34365a84
SHA512: 911dfec06e8b60d3d06ebb1f856528a538f362803a4de65afbcf6b02b069042fe9e95bdba2af64840672ccc6fd98364c24aa00554b6ddcf99af32939e901e246
SSDEEP: 3072:cowpuQyNSG7Ra1styK9flTQPHo1rScVM/9SAvjik:cowpuQyNSG1a1styKdlTuI1rSmM/9bvV
Malware Config
Signatures
Modifies Watchdog functionality (1 TTP, 2 IoCs)
Malware such as Mirai opens the hardware watchdog device and disables it so the watchdog cannot reboot an infected system when the bot hangs or stops servicing it.
IoCs:
File opened for modification /dev/watchdog
File opened for modification /dev/misc/watchdog
Enumerates running processes
Discovers information about currently running processes on the system.
Writes file to system bin folder (1 TTP, 2 IoCs)
IoCs:
File opened for modification /sbin/watchdog
File opened for modification /bin/watchdog
Reads runtime system information (42 IoCs)
Reads data from the /proc virtual filesystem.
IoCs: File opened for reading /proc/<pid>/cmdline for 42 process IDs: 583, 585, 588, 589, 603, 642, 643, 646, 647, 649, 652, 669, 670, 684, 692, 702, 710, 711, 713, 717, 725, 737, 738, 745, 746, 753, 754, 759, 760, 765, 767, 769, 771, 773, 775, 777, 779, 780, 781, 783, 785, 787
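The three file-activity signatures above (watchdog device tampering, writes into /bin and /sbin, and bulk /proc/<pid>/cmdline reads) can be reproduced from raw file events with a few path rules. The following is an added example and is not tria.ge's signature code or anything from the sample; the sample events are constructed from the paths in this report plus two noise lines, the one-event-per-line format is an assumption rather than the sandbox's export format, the /usr/bin and /usr/sbin prefixes go beyond what the report shows, and the threshold for "bulk" /proc scanning is an assumed tuning knob.

```python
import re
from collections import defaultdict

# Constructed sample input: one file-activity event per line, using paths
# listed in the report above plus two noise lines. The exact line format is
# an assumption, not the sandbox's export format.
SAMPLE_EVENTS = [
    "File opened for modification /dev/watchdog",
    "File opened for modification /dev/misc/watchdog",
    "File opened for modification /sbin/watchdog",
    "File opened for modification /bin/watchdog",
    "File opened for reading /proc/588/cmdline",
    "File opened for reading /proc/702/cmdline",
    "File opened for reading /proc/783/cmdline",
    "File opened for reading /etc/passwd",    # noise: matches no rule
    "File opened for reading /proc/cpuinfo",  # noise: /proc but not a per-pid entry
]

EVENT_RE = re.compile(r"^File opened for (?P<op>reading|modification) (?P<path>\S+)$")

# Device nodes Mirai-style code opens to disable the hardware watchdog.
WATCHDOG_DEVICES = frozenset({"/dev/watchdog", "/dev/misc/watchdog"})
# The report only shows /bin and /sbin; /usr/{bin,sbin} are an added assumption.
SYSTEM_BIN_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/")
PROC_CMDLINE_RE = re.compile(r"^/proc/(?P<pid>\d+)/cmdline$")

SIG_WATCHDOG = "Modifies Watchdog functionality"
SIG_SYSBIN = "Writes file to system bin folder"
SIG_PROC = "Reads runtime system information"


def classify(op, path):
    """Map one (operation, path) pair to a signature name, or None if it matches no rule."""
    if op == "modification" and path in WATCHDOG_DEVICES:
        return SIG_WATCHDOG
    if op == "modification" and path.startswith(SYSTEM_BIN_DIRS):
        return SIG_SYSBIN
    if op == "reading" and PROC_CMDLINE_RE.match(path):
        return SIG_PROC
    return None


def summarize(events):
    """Group matching paths per signature (first-seen order); count lines matching nothing."""
    hits = defaultdict(list)
    unmatched = 0
    for line in events:
        m = EVENT_RE.match(line.strip())
        sig = classify(m["op"], m["path"]) if m else None
        if sig is None:
            unmatched += 1
        else:
            hits[sig].append(m["path"])
    return dict(hits), unmatched


def verdict(hits, proc_threshold=10):
    """Reasons to escalate. proc_threshold for 'bulk' /proc scanning is an assumed tuning knob."""
    reasons = []
    if SIG_WATCHDOG in hits:
        reasons.append("opens the watchdog device for writing (reboot-on-hang suppression)")
    if SIG_SYSBIN in hits:
        reasons.append("writes into a system bin directory (e.g. /sbin/watchdog, /bin/watchdog)")
    if len(hits.get(SIG_PROC, [])) >= proc_threshold:
        reasons.append("bulk /proc/<pid>/cmdline reads (process enumeration)")
    return reasons


if __name__ == "__main__":
    found, skipped = summarize(SAMPLE_EVENTS)
    for sig, paths in found.items():
        print(f"{sig} ({len(paths)} IoCs)")
        for p in paths:
            print(f"  {p}")
    print(f"{skipped} events matched no signature")
    for r in verdict(found):
        print("escalate:", r)
```

Note that a read of /dev/watchdog or a write to /proc/<pid>/cmdline deliberately matches nothing: the operation matters as much as the path, since legitimate tooling (ps, top) reads /proc/<pid>/cmdline constantly, and only opening the watchdog node for writing lets a process issue the disable ioctl. With the full 42 /proc reads from this report the third escalation reason would also fire at the default threshold.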