Analysis
Max time kernel: 152s
Max time network: 155s
Platform: ubuntu-18.04_amd64
Resource: ubuntu1804-amd64-20231222-en
Resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231222-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
Submitted: 13/02/2024, 02:09
Behavioral task: behavioral1
Sample: 258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
Resource: ubuntu1804-amd64-20231222-en
General
Target: 258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
Size: 49KB
MD5: 89d3cce7dbc9688305c0b2c5061c5a43
SHA1: 576ac3175d85ddb3fceb3fb76fdd89929088d3b3
SHA256: 258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921
SHA512: 1df216f351fe3cca53718019988af647c690d8c6e057aad9a7f4c0d16ba92ad8378031810a9cebd0c5a47503dded6cfada42a8b54c25b81a647cde54ddcada06
SSDEEP: 1536:Y6elVWRLShIvuIHuR86NofaE232Lb4mbAMwLUIgl:qjWBAAHuR86ofaE23bm/4UIgl
Malware Config
Signatures

Changes its process name (1 IoC)
Changes the process name, possibly in an attempt to hide itself.
pid 1607, process 258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf, ioc: a

Deletes itself (1 IoC)
pid 1607, process 258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf

Renames itself (1 IoC)
pid 1607, process 258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf
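The three signatures above (a process that renames itself to "a", deletes its own binary and renames its file) leave generic traces in /proc on a live host: /proc/<pid>/exe points at a path tagged " (deleted)", and /proc/<pid>/comm no longer matches the executed binary. The following is an added example of that check, not code from tria.ge; the ProcRecord layout, the file path and the two sample records are constructed for illustration, and the live scan only works on Linux.

```python
"""Spot processes whose on-disk binary is gone or whose task name no
longer matches the executed file, the evidence left behind by a sample
that deletes itself and changes its process name after launch.

Added example, not part of the tria.ge report. ProcRecord, the sample
records and the /tmp path below are constructed for illustration."""
import os
from dataclasses import dataclass


@dataclass
class ProcRecord:
    pid: int
    comm: str        # /proc/<pid>/comm: the kernel's 15-byte task name
    exe: str         # readlink(/proc/<pid>/exe), may end in " (deleted)"
    cmdline: list    # /proc/<pid>/cmdline split on NUL


def check_process(rec: ProcRecord) -> list:
    """Return the list of indicators that fire for one process record."""
    hits = []
    exe_path = rec.exe
    if exe_path.endswith(" (deleted)"):
        hits.append("binary_deleted")
        exe_path = exe_path[: -len(" (deleted)")]
    exe_base = os.path.basename(exe_path)
    # comm is truncated to 15 bytes by the kernel, so compare on that prefix
    if rec.comm and rec.comm != exe_base[:15]:
        hits.append("comm_differs_from_exe")
    argv0 = os.path.basename(rec.cmdline[0]) if rec.cmdline else ""
    if argv0 and argv0 != exe_base:
        hits.append("argv0_differs_from_exe")
    return hits


def scan_live_proc() -> dict:
    """Walk a real /proc (Linux only) and return {pid: indicators}."""
    findings = {}
    for entry in os.listdir("/proc"):
        if not entry.isdigit():
            continue
        pid = int(entry)
        try:
            comm = open(f"/proc/{pid}/comm").read().strip()
            exe = os.readlink(f"/proc/{pid}/exe")
            raw = open(f"/proc/{pid}/cmdline", "rb").read()
        except OSError:
            continue  # process exited, or not ours to inspect
        cmdline = [a.decode(errors="replace") for a in raw.split(b"\0") if a]
        hits = check_process(ProcRecord(pid, comm, exe, cmdline))
        if hits:
            findings[pid] = hits
    return findings


# Constructed records: a benign daemon and one resembling the report's sample
SAMPLE_RECORDS = [
    ProcRecord(1200, "sshd", "/usr/sbin/sshd", ["/usr/sbin/sshd", "-D"]),
    ProcRecord(
        1607, "a",
        "/tmp/258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf (deleted)",
        ["/tmp/258ec354201af0f0b6015ad02738fede58936cb84810222c4b0b7343a53ef921.elf"],
    ),
]

if __name__ == "__main__":
    for rec in SAMPLE_RECORDS:
        print(rec.pid, check_process(rec))
```

The argv0 check is the noisiest of the three: binaries launched through a symlink (for example /sbin/init resolving to systemd) trigger it legitimately, so treat it as supporting evidence and weight "binary_deleted" highest.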
Unexpected DNS network traffic destination (59 IoCs)
Network traffic to servers other than the configured DNS servers was detected on the DNS port.
Destination IPs, with the number of hits each:
51.254.162.59 (10)
168.138.8.38 (10)
103.87.68.194 (10)
88.198.92.222 (6)
185.84.81.194 (5)
51.158.108.203 (5)
192.3.165.37 (5)
80.152.203.134 (5)
45.61.49.203 (1)
185.181.61.24 (1)
194.36.144.87 (1)
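The signature above fires on any DNS-port traffic whose destination is not one of the resolvers the sandbox itself is configured to use. The following is an added example of that logic, not tria.ge's own code: it reads nameservers from resolv.conf-style text and counts DNS-port flows to anything else. The resolv.conf text and the flow records are constructed; the destination addresses are taken from the IoC list above.

```python
"""Flag traffic on the DNS port whose destination is not one of the host's
configured resolvers, the logic behind an "unexpected DNS destination"
signature.

Added example, not taken from tria.ge. The resolv.conf text and the flow
records below are constructed; destination IPs come from the report."""
from collections import Counter
import ipaddress

DNS_PORT = 53


def parse_resolv_conf(text: str) -> set:
    """Return the set of nameserver IPs from resolv.conf-style text."""
    servers = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            try:
                servers.add(str(ipaddress.ip_address(parts[1])))
            except ValueError:
                continue  # malformed entry, ignore it
    return servers


def unexpected_dns_destinations(flows, resolvers) -> Counter:
    """flows: iterable of (proto, src_ip, dst_ip, dst_port) tuples.
    Returns a Counter of destination IPs that received DNS-port traffic
    but are not configured resolvers."""
    hits = Counter()
    for proto, _src, dst, dport in flows:
        if dport != DNS_PORT or proto not in ("udp", "tcp"):
            continue
        if dst not in resolvers:
            hits[dst] += 1
    return hits


SAMPLE_RESOLV_CONF = """\
# constructed resolver configuration
nameserver 8.8.8.8
nameserver 1.1.1.1
"""

# Constructed flow records; the non-resolver destinations are from the report
SAMPLE_FLOWS = [
    ("udp", "10.0.0.5", "8.8.8.8", 53),          # configured resolver, fine
    ("udp", "10.0.0.5", "51.254.162.59", 53),
    ("udp", "10.0.0.5", "51.254.162.59", 53),
    ("udp", "10.0.0.5", "168.138.8.38", 53),
    ("udp", "10.0.0.5", "103.87.68.194", 53),
    ("tcp", "10.0.0.5", "185.84.81.194", 443),   # not the DNS port, ignored
]

if __name__ == "__main__":
    resolvers = parse_resolv_conf(SAMPLE_RESOLV_CONF)
    for ip, n in unexpected_dns_destinations(SAMPLE_FLOWS, resolvers).most_common():
        print(f"{ip:16} {n}")
```

Port 53 to a non-resolver is a strong hint but not proof of DNS: the check is purely on the port, so a sample using 53 as a plain transport port will match exactly the same way, which is why the report's wording says "on the DNS port" rather than "DNS queries".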
Enumerates active TCP sockets (1 TTP, 1 IoC)
Gets active TCP sockets from the /proc virtual filesystem.
File opened for reading: /proc/net/tcp

Reads system network configuration (1 TTP, 1 IoC)
Uses contents of the /proc filesystem to enumerate network settings.
File opened for reading: /proc/net/tcp
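Both signatures above come from a single read of /proc/net/tcp. Decoding that file shows what the sample actually learned: every established connection and listening port on the box, with owning UID and socket inode. The following is an added example of that decoding, not code from the report or from the sample; the table contents are constructed, and the address byte order assumes a little-endian host such as the amd64 sandbox used here.

```python
"""Decode /proc/net/tcp, the file the sample opens to enumerate TCP
sockets. Each row carries hex-encoded local and remote endpoints and a
state code; decoding them shows exactly what a process learns from it.

Added example, not from the tria.ge report. SAMPLE_PROC_NET_TCP below is
constructed. The address field is in host byte order, so "<I" is correct
for little-endian hosts (x86/amd64) and would need ">I" on big-endian."""
import socket
import struct

TCP_STATES = {
    0x01: "ESTABLISHED", 0x02: "SYN_SENT", 0x03: "SYN_RECV",
    0x04: "FIN_WAIT1", 0x05: "FIN_WAIT2", 0x06: "TIME_WAIT",
    0x07: "CLOSE", 0x08: "CLOSE_WAIT", 0x09: "LAST_ACK",
    0x0A: "LISTEN", 0x0B: "CLOSING", 0x0C: "NEW_SYN_RECV",
}


def decode_endpoint(field: str):
    """'0100007F:0277' -> ('127.0.0.1', 631).
    Address: 32-bit value in host byte order. Port: plain big-endian hex."""
    addr_hex, port_hex = field.split(":")
    addr = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
    return addr, int(port_hex, 16)


def parse_proc_net_tcp(text: str) -> list:
    """Return one dict per socket row, skipping the header line."""
    rows = []
    for line in text.splitlines()[1:]:
        parts = line.split()
        if len(parts) < 10:
            continue  # truncated or malformed row
        local_ip, local_port = decode_endpoint(parts[1])
        remote_ip, remote_port = decode_endpoint(parts[2])
        rows.append({
            "local": (local_ip, local_port),
            "remote": (remote_ip, remote_port),
            "state": TCP_STATES.get(int(parts[3], 16), parts[3]),
            "uid": int(parts[7]),
            "inode": int(parts[9]),
        })
    return rows


def listening_ports(rows) -> list:
    """Sorted local ports in LISTEN state, the view a scanning sample is after."""
    return sorted(r["local"][1] for r in rows if r["state"] == "LISTEN")


# Constructed /proc/net/tcp: an SSH listener and one outbound HTTPS connection
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18231 1 0000000000000000 100 0 0 10 0
   1: 0500000A:A1B2 0101A8C0:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 22905 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    for row in parse_proc_net_tcp(SAMPLE_PROC_NET_TCP):
        print(row)
```

A read of /proc/net/tcp is unprivileged and leaves no trace in the target sockets, so on a live host the only reliable detection is the file open itself (auditd or an eBPF/LSM hook on the path), which is exactly the event the sandbox recorded here.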