General
Target: ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731.elf
Size: 98KB
Sample: 240219-g6vdnaaf2y
MD5: e5409ee931e29ffc035bf8802a141084
SHA1: ce5d9cbe2ce5c217d55472240afb05a21d6ea69e
SHA256: ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731
SHA512: 6793c7247613d08903105dcb41e33e9785f0c78c186217383b87814d6465b94add98113442b4b56c8f0f00d10d514420b9f9a3e2424d7d2eb77a87f44bdc79f4
SSDEEP: 1536:nR8r9obMb1xSK0AqVNvBOUUiMx7CBSkHC3eANKlDZQYr8N4eAe7ZiA:nRG9obMb1xb0AqVi3eLDhje7V
Static task: static1
Behavioral task: behavioral1
Sample: ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731.elf
Resource: debian9-mipsel-20231215-en
Malware Config
Targets
Target: ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731.elf
Score: 7/10

Changes its process name

Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.

Creates/modifies environment variables
Creating/modifying environment variables is a common persistence mechanism.

Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.

Enumerates running processes
Discovers information about currently running processes on the system.

Modifies Bash startup script

MITRE ATT&CK Enterprise v15
Persistence
  Boot or Logon Autostart Execution: 2
  Hijack Execution Flow: 1
  Scheduled Task/Job: 1
Privilege Escalation
  Boot or Logon Autostart Execution: 2
  Hijack Execution Flow: 1
  Scheduled Task/Job: 1