Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
b62ef270df2cb46fb862130d270e5d84
-
Size
164KB
-
Sample
240306-bzlv2sfc2y
-
MD5
b62ef270df2cb46fb862130d270e5d84
-
SHA1
d298c1fd29a775989290e5b43ed5c9be3779eac6
-
SHA256
6a9f18f06cff43ca4a84231ec05cd0f13b72fc250bb75ccda4ace60c2c2dcb75
-
SHA512
6bec24e4a1faee4c9b1b79571004633b0d2d3c5d4570b7fdc85825be348ec84d9d2bda877c6ebd99aecfef42ecd2d38493d2764f6344e3bb5f3c777b0c2e73a3
-
SSDEEP
3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioiaabEtnwKSDP99w:p3lOYoaja8xzx/0wsxzSigabE5wKSDPo
Behavioral task
behavioral1
Sample
b62ef270df2cb46fb862130d270e5d84
Resource
debian9-mipsbe-20240226-en
Malware Config
Targets
-
-
Target
b62ef270df2cb46fb862130d270e5d84
-
Size
164KB
-
MD5
b62ef270df2cb46fb862130d270e5d84
-
SHA1
d298c1fd29a775989290e5b43ed5c9be3779eac6
-
SHA256
6a9f18f06cff43ca4a84231ec05cd0f13b72fc250bb75ccda4ace60c2c2dcb75
-
SHA512
6bec24e4a1faee4c9b1b79571004633b0d2d3c5d4570b7fdc85825be348ec84d9d2bda877c6ebd99aecfef42ecd2d38493d2764f6344e3bb5f3c777b0c2e73a3
-
SSDEEP
3072:phNlHuBafLeBtfCzpta8xlBIOdVo3/4sxLJ10xioiaabEtnwKSDP99w:p3lOYoaja8xzx/0wsxzSigabE5wKSDPo
Score9/10-
Contacts a large (5984) amount of remote hosts
This may indicate a network scan to discover remotely running services.
-
Patched UPX-packed file
Sample is packed with UPX but required header fields are zeroed out to prevent unpacking with the default UPX tool.
-
Changes its process name
-
Modifies Watchdog functionality
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
-
Creates a large amount of network flows
This may indicate a network scan to discover remotely running services.
-
Enumerates active TCP sockets
Gets active TCP sockets from /proc virtual filesystem.
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads system routing table
Gets active network interfaces from /proc virtual filesystem.
-
Writes file to system bin folder
-