Analysis
- max time kernel: 152s
- max time network: 155s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20231222-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20231222-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 13/02/2024, 05:01
Static task: static1
Behavioral task: behavioral1
Sample: bfb598be9ffe2a8452cec9efb06546a2eba2da10e1e52688f390eedeedcbca53.elf
Resource: ubuntu1804-amd64-20231222-en
General
- Target: bfb598be9ffe2a8452cec9efb06546a2eba2da10e1e52688f390eedeedcbca53.elf
- Size: 53KB
- MD5: 25d57c6e18552f851bacc79b7d798dc9
- SHA1: 8325c4ee298cac66f43c5f7021a02ad0fffcd384
- SHA256: bfb598be9ffe2a8452cec9efb06546a2eba2da10e1e52688f390eedeedcbca53
- SHA512: 18518b3116afdd6855357c49c1085c0841b56b3ec43fe29d12cce15e097a399733866f7f7abb0a209b2770dcc3cd9e5a5a998477a7e2a6d9dc919ce0633d88d0
- SSDEEP: 768:430LPFyF5SrN+HMivtmK45VkkWgDyTtLG2ZDjTIH:4ghOdvtniV7WgDy/cH
Malware Config
Signatures
- Contacts a large (47186) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Enumerates running processes
  Discovers information about currently running processes on the system
- Reads runtime system information (64 IoCs)
  Reads data from /proc virtual filesystem.