Analysis

  • max time kernel
    87s
  • max time network
    153s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20231221-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu1804-amd64-20231221-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
  • submitted
    13/02/2024, 05:23

General

  • Target

    cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd.elf

  • Size

    33KB

  • MD5

    1fa25a704d6be67b041b62c02dd2b9f7

  • SHA1

    ee840fe5aaf7a32eebb972ef043ada01ed586da1

  • SHA256

    cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd

  • SHA512

    57634cff1fc944341e97deebca79e6cf36f09578a987aa16b5d87a4feb9f19317269651f74d001d220aacebc940aade7a4c16e1cb0c6f29f945bd382d10b4c3a

  • SSDEEP

    768:DkT3a5lElCF5CIpadEKUrJqxsk3JS2aEcCYeAAy3t3dGbpBcsX:4T30ElCPvp/7EkeLYtNwBX

Malware Config

Extracted

Family

mirai

Botnet

MIRAI

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Contacts a large number (73299) of remote hosts 1 TTPs

    Connecting to this many distinct hosts in a short run indicates a network scan to discover remotely reachable services.

  • Creates a large number of network flows 1 TTPs

    A high flow count with few bytes per flow is consistent with a network scan to discover remotely reachable services.

  • Changes its process name 1 IoCs
  • Deletes Audit logs 1 TTPs 1 IoCs

    Deletes logs related to the Linux Audit framework.

  • Deletes itself 1 IoCs
  • Deletes journal logs 1 TTPs 1 IoCs

    Deletes systemd journal logs. Likely to evade detection.

  • Deletes system logs 1 TTPs 1 IoCs

    Deletes log file which contains global system messages. Adversaries may delete system logs to minimize their footprint.

  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware such as Mirai disables the hardware watchdog so that it cannot reboot an infected device; a reboot would clear the memory-resident bot, which has already deleted itself from disk.
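The behaviours the signatures above describe can be checked against a syscall trace rather than only read off the report. The following is an added example, not Triage's signature engine or code from the analysed sample: it parses a simplified strace -f style trace and flags the same behaviour classes, including the watchdog ioctl that Mirai's public source uses (WDIOC_SETOPTIONS with WDIOS_DISABLECARD). The trace is constructed inline for the example, and the log paths, watchdog device paths and fan-out thresholds are assumptions chosen for illustration rather than Triage's tuned values.

```python
"""Re-implement the report's Linux behaviour signatures over an strace-style trace.

Added example: the thresholds, path lists and sample trace below are assumptions
for illustration, not Triage's own rules or a capture from the analysed sample.
"""
import re
from collections import defaultdict

# Illustrative thresholds (assumed); Triage's real cut-offs are not published here.
HOST_FANOUT_THRESHOLD = 100
FLOW_THRESHOLD = 100
WATCHDOG_PATHS = ("/dev/watchdog", "/dev/watchdog0", "/dev/misc/watchdog")

# Path classes behind the report's three log-deletion signatures (assumed paths).
LOG_CLASSES = (
    ("Deletes Audit logs", re.compile(r"^/var/log/audit/")),
    ("Deletes journal logs", re.compile(r"^/var/log/journal/")),
    ("Deletes system logs", re.compile(r"^/var/log/(syslog|messages)$")),
)

# "pid syscall(args) = ret" as printed by strace -f; args may contain nested parens,
# so the greedy group backtracks to the last ") = " on the line.
LINE_RE = re.compile(r"^(?P<pid>\d+)\s+(?P<call>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>.+)$")
QUOTED_RE = re.compile(r'"([^"]*)"')
INET_RE = re.compile(r'inet_addr\("([^"]+)"\)')


def parse(trace_text):
    """Yield (pid, syscall, args, ret) for each well-formed trace line."""
    for line in trace_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["pid"], m["call"], m["args"], m["ret"].strip()


def analyse(trace_text):
    """Return {signature_name: [evidence, ...]} for behaviours seen in the trace."""
    hits = defaultdict(list)
    exe_by_pid = {}                # pid -> path passed to execve, for self-delete checks
    fd_paths = defaultdict(dict)   # pid -> {fd: path} so ioctl() can be tied to a device
    hosts, flows = set(), 0

    for pid, call, args, ret in parse(trace_text):
        strings = QUOTED_RE.findall(args)
        if call == "execve" and strings:
            exe_by_pid[pid] = strings[0]
        elif call in ("open", "openat") and strings and ret.isdigit():
            path = strings[0]
            fd_paths[pid][ret] = path
            if path in WATCHDOG_PATHS:
                hits["Modifies Watchdog functionality"].append(f"open {path}")
        elif call == "ioctl":
            fd = args.split(",", 1)[0].strip()
            target = fd_paths[pid].get(fd)
            if target in WATCHDOG_PATHS or "WDIOC_SETOPTIONS" in args:
                hits["Modifies Watchdog functionality"].append(f"ioctl {args}")
        elif call == "prctl" and args.startswith("PR_SET_NAME"):
            hits["Changes its process name"].append(strings[0] if strings else args)
        elif call in ("unlink", "unlinkat") and strings and ret == "0":
            path = strings[0]
            if path == exe_by_pid.get(pid):
                hits["Deletes itself"].append(path)
            for name, pattern in LOG_CLASSES:
                if pattern.search(path):
                    hits[name].append(path)
        elif call == "connect":
            flows += 1
            m = INET_RE.search(args)
            if m:
                hosts.add(m.group(1))

    if len(hosts) >= HOST_FANOUT_THRESHOLD:
        hits["Contacts a large number of remote hosts"].append(f"{len(hosts)} distinct hosts")
    if flows >= FLOW_THRESHOLD:
        hits["Creates a large number of network flows"].append(f"{flows} connect() calls")
    return dict(hits)


def build_sample_trace(n_hosts):
    """Constructed strace -f style input reproducing the report's behaviours.

    Synthetic test data, not a capture from the analysed ELF; n_hosts controls how
    many distinct telnet targets the fake scanner touches.
    """
    lines = [
        '1558 execve("/tmp/sample.elf", ["/tmp/sample.elf"], 0x7ffd) = 0',
        '1558 prctl(PR_SET_NAME, "sshd") = 0',
        '1558 unlink("/tmp/sample.elf") = 0',
        '1558 openat(AT_FDCWD, "/dev/watchdog", O_WRONLY) = 3',
        '1558 ioctl(3, WDIOC_SETOPTIONS, [WDIOS_DISABLECARD]) = 0',
        '1558 unlink("/var/log/audit/audit.log") = 0',
        '1558 unlink("/var/log/journal/4a2b/system.journal") = 0',
        '1558 unlink("/var/log/syslog") = 0',
    ]
    for i in range(n_hosts):
        ip = f"10.{(i >> 16) & 255}.{(i >> 8) & 255}.{i & 255}"
        lines.append(
            f'1558 connect(4, {{sa_family=AF_INET, sin_port=htons(23), '
            f'sin_addr=inet_addr("{ip}")}}, 16) = -1 EINPROGRESS (Operation now in progress)'
        )
    return "\n".join(lines)


if __name__ == "__main__":
    for name, evidence in analyse(build_sample_trace(250)).items():
        print(f"{name}: {len(evidence)} IoCs, e.g. {evidence[0]}")
```

The fd-to-path map matters in practice: on a real trace the watchdog ioctl is often shown with a raw request number rather than the decoded WDIOC_SETOPTIONS constant, so tying the fd back to /dev/watchdog is what makes the check robust. Both the open() and the ioctl() are recorded as separate IoCs, matching the report's count of two for that signature.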

Processes

  • /tmp/cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd.elf
    Command line: /tmp/cf1b85d4812f7ee052666276a184b481368f0c0c7a43e6d5df903535f466c5fd.elf
    PID: 1558
    • Changes its process name
    • Deletes itself
    • Modifies Watchdog functionality

Network

MITRE ATT&CK Enterprise v15
