Analysis
- max time kernel: 149s
- max time network: 153s
- platform: debian-9_mips
- resource: debian9-mipsbe-20240226-en
- resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
- submitted: 06/03/2024, 02:08
Behavioral task: behavioral1
- Sample: 15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf
- Resource: debian9-mipsbe-20240226-en
General
- Target: 15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf
- Size: 2.4MB
- MD5: 9044d7e0ac4cab8917829cc22df9abda
- SHA1: e3076668487ccb1091f8d02fbfed62627d3bfe55
- SHA256: 15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b
- SHA512: 412d6456de87e3656446c0e096667b3d0c3a8bcc7088adc7f0622b6f563cc04e66932c09a0a165c50d57b22523bf70110e73ed830ea5ed8b055c6bd49243a487
- SSDEEP: 49152:I22aCIjTfiH8LnLf61ayqpTj0lB4ykrrpUymAI:zCsD1pTj0l+FGyO
Malware Config
Signatures
- StealthWorker
  StealthWorker is Golang-based brute-force malware.
- Checks CPU configuration (1 TTP, 2 IoCs)
  Checks CPU information that indicates whether the system is a virtual machine.
  - File opened for reading: /proc/cpuinfo (process: cat)
  - File opened for reading: /proc/cpuinfo (process: cat)
- Creates/modifies Cron job (1 TTP, 1 IoC)
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
  - File opened for modification: /var/spool/cron/crontabs/tmp.s1p2Xg (process: crontab)
- Reads runtime system information (5 IoCs)
  Reads data from the /proc virtual filesystem.
  - File opened for reading: /proc/version (process: cat)
  - File opened for reading: /proc/filesystems (process: crontab)
  - File opened for reading: /proc/self/exe (process: 15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf)
  - File opened for reading: /proc/version (process: cat)
  - File opened for reading: /proc/self/exe (process: 15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf)
Processes
- /tmp/15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf (command: /tmp/15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf, PID 709)
  Reads runtime system information
  - /bin/cat (command: cat /proc/version, PID 725)
    Reads runtime system information
  - /bin/cat (command: cat /proc/cpuinfo, PID 728)
    Checks CPU configuration
  - /bin/uname (command: uname -a, PID 730)
  - /usr/bin/getconf (command: getconf LONG_BIT, PID 732)
  - /tmp/15b75fa3114a2dad6981e1a145cb45a9875948007a6e41ca2b2df4ad08aaff2b.elf (command: "[stealth]", PID 743)
    Reads runtime system information
    - /bin/cat (command: cat /proc/version, PID 748)
      Reads runtime system information
- /bin/cat (command: cat /proc/cpuinfo, PID 750)
  Checks CPU configuration
- /bin/uname (command: uname -a, PID 751)
- /usr/bin/getconf (command: getconf LONG_BIT, PID 752)
- /usr/bin/crontab (command: /usr/bin/crontab /tmp/nip9iNeiph5chee, PID 754)
  Creates/modifies Cron job
  Reads runtime system information
Network
MITRE ATT&CK Enterprise v15
Downloads