Analysis
Max time kernel: 143s
Max time network: 144s
Platform: debian-9_mips
Resource: debian9-mipsbe-20240226-en
Resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
Submitted: 05/03/2024, 22:48
Behavioral task: behavioral1
Sample: 9044d7e0ac4cab8917829cc22df9abda.elf
Resource: debian9-mipsbe-20240226-en
General
Target: 9044d7e0ac4cab8917829cc22df9abda.elf
Size: 2.4MB
MD5: 9044d7e0ac4cab8917829cc22df9abda
SHA1: e3076668487ccb1091f8d02fbfed62627d3bfe55
SHA256: 15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b
SHA512: 412d6456de87e3656446c0e096667b3d0c3a8bcc7088adc7f0622b6f563cc04e66932c09a0a165c50d57b22523bf70110e73ed830ea5ed8b055c6bd49243a487
SSDEEP: 49152:I22aCIjTfiH8LnLf61ayqpTj0lB4ykrrpUymAI:zCsD1pTj0l+FGyO
Malware Config
Signatures

StealthWorker
  StealthWorker is golang-based brute force malware.

Checks CPU configuration (1 TTPs, 2 IoCs)
  Checks CPU information which indicates whether the system is a virtual machine.
  description              | ioc           | process
  File opened for reading  | /proc/cpuinfo | cat
  File opened for reading  | /proc/cpuinfo | cat

Creates/modifies Cron job (1 TTPs, 1 IoCs)
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  description                   | ioc                                   | process
  File opened for modification  | /var/spool/cron/crontabs/tmp.gI1P78   | crontab

Reads runtime system information (5 IoCs)
  Reads data from the /proc virtual filesystem.
  description              | ioc               | process
  File opened for reading  | /proc/self/exe    | 9044d7e0ac4cab8917829cc22df9abda.elf
  File opened for reading  | /proc/version     | cat
  File opened for reading  | /proc/filesystems | crontab
  File opened for reading  | /proc/self/exe    | 9044d7e0ac4cab8917829cc22df9abda.elf
  File opened for reading  | /proc/version     | cat
Processes (indentation shows parent/child relationship; each entry is path, command line, PID)

PID 705: /tmp/9044d7e0ac4cab8917829cc22df9abda.elf  (command line: /tmp/9044d7e0ac4cab8917829cc22df9abda.elf)
  - Reads runtime system information
  PID 720: /bin/cat  (command line: cat /proc/version)
    - Reads runtime system information
  PID 722: /bin/cat  (command line: cat /proc/cpuinfo)
    - Checks CPU configuration
  PID 725: /bin/uname  (command line: uname -a)
  PID 727: /usr/bin/getconf  (command line: getconf LONG_BIT)
  PID 729: /tmp/9044d7e0ac4cab8917829cc22df9abda.elf  (command line: "[stealth]")
    - Reads runtime system information
    PID 739: /bin/cat  (command line: cat /proc/version)
      - Reads runtime system information
    PID 740: /bin/cat  (command line: cat /proc/cpuinfo)
      - Checks CPU configuration
    PID 742: /bin/uname  (command line: uname -a)
    PID 743: /usr/bin/getconf  (command line: getconf LONG_BIT)
    PID 745: /usr/bin/crontab  (command line: /usr/bin/crontab /tmp/nip9iNeiph5chee)
      - Creates/modifies Cron job
      - Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Downloads

Filesize: 3B
MD5: 5751ec3e9a4feab575962e78e006250d
SHA1: baa924ce1ee3617f30a87ca26b2aeb62911af478
SHA256: 509694b0a010c6431900e71b8210521af57d39ce8e64deb365f0a5c6c9a2ef6d
SHA512: 47ccc6b01d9b2b8f27bac167d1fa138ad0f76d377637d4676c4496aa58300a393713a7188d0effd3973a7a16cce2a690e8060689286b171b12bd1cb3d33da536

Filesize: 70B
MD5: f8c66737a5a1d0fa12f393e973728935
SHA1: a6155b82a9124e9502043ca7f1d9f953ed281595
SHA256: b1a91d53a00a377760ef6624e7f48858777fac647af44cc6b782e19d08a44f46
SHA512: 5c677e9e8af688e21914e5d4a3c5b42b47af063844dec9c2febcd3a6d1545616c552c7002897e7ebf39d30acdcb37e2ff2a7a29c55e59e2e8822219266f1104e

Filesize: 264B
MD5: 59da7e33ee2478dade6cdb5690884229
SHA1: 32e67f0265b6f4dcfd8a015802f86323f77aaf56
SHA256: bc90fcc38db716a2703a2f6e4276887522106ea8cd1e5297e1d87040464b7674
SHA512: c6f2f94c9cd39ea5442321d61507c080c7493f85d39cf0cb3a7434df676f75dbf0eae7e8c12d3f12985e0caa68730087fad435aaea3c061b4423246d93baf399