Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
152s -
max time network
130s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20231221-en -
resource tags
-
submitted
13/02/2024, 03:39 UTC
General
-
Target
a0587444b330396a655da01a7cc8405774da42b042a61812f884b95102273a70.elf
-
Size
20KB
-
MD5
ff6de7225359086e82701d3738bc68a8
-
SHA1
79cc64d6d0439f769a108f2b0e1e2fe9913a870d
-
SHA256
a0587444b330396a655da01a7cc8405774da42b042a61812f884b95102273a70
-
SHA512
79c5c81dd533fd843f030443be0ac05ec1569f18ebea1da4261c3d85e381d01fd5cc1538b1f5f0b842a30ef0d22e247395f1180d50e0a3e7ad4b1d53bb5efabe
-
SSDEEP
384:M0sLpj8s/qPui8uZxoIA57RWQjJiEVi+ZkJaQNAr8vcoBAvP+qNV+KLebRtu7SyQ:k98o08kxofBE+ZkJaT47C2EpitmQ
Score
10/10
Malware Config
Extracted
Family
mirai
Botnet
LZRD
Signatures
-
Mirai
Mirai is a prevalent Linux malware infecting exposed network devices.
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Writes file to system bin folder 1 TTPs 2 IoCs
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
Processes
-
/tmp/a0587444b330396a655da01a7cc8405774da42b042a61812f884b95102273a70.elf/tmp/a0587444b330396a655da01a7cc8405774da42b042a61812f884b95102273a70.elf1⤵
Network
-
DNScdn.fwupd.orgRemote address:1.1.1.1:53Requestcdn.fwupd.orgIN AResponsecdn.fwupd.orgIN CNAMEdualstack.p2.shared.global.fastly.netdualstack.p2.shared.global.fastly.netIN A151.101.66.49dualstack.p2.shared.global.fastly.netIN A151.101.130.49dualstack.p2.shared.global.fastly.netIN A151.101.194.49dualstack.p2.shared.global.fastly.netIN A151.101.2.49 -
DNScdn.fwupd.orgRemote address:1.1.1.1:53Requestcdn.fwupd.orgIN A
-
DNScdn.fwupd.orgRemote address:1.1.1.1:53Requestcdn.fwupd.orgIN A
-
DNScdn.fwupd.orgRemote address:1.1.1.1:53Requestcdn.fwupd.orgIN AAAAResponsecdn.fwupd.orgIN CNAMEdualstack.p2.shared.global.fastly.netdualstack.p2.shared.global.fastly.netIN AAAA2a04:4e42:400::561dualstack.p2.shared.global.fastly.netIN AAAA2a04:4e42:600::561dualstack.p2.shared.global.fastly.netIN AAAA2a04:4e42::561dualstack.p2.shared.global.fastly.netIN AAAA2a04:4e42:200::561
-
DNScdn.fwupd.orgRemote address:1.1.1.1:53Requestcdn.fwupd.orgIN AAAA
-
DNScdn.fwupd.orgRemote address:1.1.1.1:53Requestcdn.fwupd.orgIN AAAA
-
DNS1527653184.rsc.cdn77.orgRemote address:1.1.1.1:53Request1527653184.rsc.cdn77.orgIN AResponse1527653184.rsc.cdn77.orgIN A195.181.164.141527653184.rsc.cdn77.orgIN A89.187.167.4
-
DNS1527653184.rsc.cdn77.orgRemote address:1.1.1.1:53Request1527653184.rsc.cdn77.orgIN AAAAResponse1527653184.rsc.cdn77.orgIN AAAA2a02:6ea0:ca00::41527653184.rsc.cdn77.orgIN AAAA2a02:6ea0:ca00::3
-
DNS1527653184.rsc.cdn77.orgRemote address:1.1.1.1:53Request1527653184.rsc.cdn77.orgIN AAAA
-
DNS1527653184.rsc.cdn77.orgRemote address:1.1.1.1:53Request1527653184.rsc.cdn77.orgIN AAAA
-
DNS1527653184.rsc.cdn77.orgRemote address:1.1.1.1:53Request1527653184.rsc.cdn77.orgIN AAAA
-
DNS1527653184.rsc.cdn77.orgRemote address:1.1.1.1:53Request1527653184.rsc.cdn77.orgIN AAAA
-
151.101.130.49:443tls
-
151.101.1.91:443tls
-
195.181.164.14:443tls -
93.123.85.11:3778
-
151.101.2.49:443cdn.fwupd.orgtls
-
185.125.188.62:443tls
-
185.125.188.61:443tls
-
151.101.1.91:443
-
151.101.65.91:443
-
151.101.129.91:443
-
151.101.193.91:443extensions.gnome.orgtls
-
89.187.167.4:443odrs.gnome.orgtls
-
224.0.0.251:5353 -
1.1.1.1:53cdn.fwupd.orgdns
DNS Request
cdn.fwupd.org
DNS Request
cdn.fwupd.org
DNS Request
cdn.fwupd.org
DNS Response
151.101.66.49151.101.130.49151.101.194.49151.101.2.49
-
1.1.1.1:53cdn.fwupd.orgdns
DNS Request
cdn.fwupd.org
DNS Request
cdn.fwupd.org
DNS Request
cdn.fwupd.org
DNS Response
2a04:4e42:400::5612a04:4e42:600::5612a04:4e42::5612a04:4e42:200::561
-
1.1.1.1:531527653184.rsc.cdn77.orgdns
DNS Request
1527653184.rsc.cdn77.org
DNS Response
195.181.164.1489.187.167.4
-
1.1.1.1:531527653184.rsc.cdn77.orgdns
DNS Request
1527653184.rsc.cdn77.org
DNS Request
1527653184.rsc.cdn77.org
DNS Request
1527653184.rsc.cdn77.org
DNS Request
1527653184.rsc.cdn77.org
DNS Request
1527653184.rsc.cdn77.org
DNS Response
2a02:6ea0:ca00::42a02:6ea0:ca00::3