Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
153s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240221-en -
resource tags
-
submitted
09/03/2024, 20:13
General
-
Target
https://e-z.bio/vojtax
Malware Config
Signatures
-
Changes its process name 64 IoCs
-
Reads user data of web browsers 32 IoCs
Reads stored browser data which can include saved credentials.
-
Reads CPU attributes 1 TTPs 2 IoCs
-
Enumerates kernel/hardware configuration 1 TTPs 55 IoCs
Reads contents of /sys virtual filesystem to enumerate system information.
-
Reads runtime system information 40 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/usr/bin/xdg-openxdg-open https://e-z.bio/vojtax1⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager2⤵
-
/usr/bin/dbus-launchdbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr3⤵
-
-
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"2⤵
-
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE2⤵
-
-
/usr/bin/grepgrep -i "^xfce_desktop_window"2⤵
-
-
/usr/bin/xpropxprop -root2⤵
-
-
/usr/bin/grepgrep -q "^Enlightenment"2⤵
-
-
/usr/bin/unameuname2⤵
-
-
/usr/bin/grepgrep -q "^file://"2⤵
-
-
/usr/bin/egrepegrep -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/local/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/local/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/sbin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/bin/grepgrep -E -q "^[[:alpha:]+\\.\\-]+:"2⤵
-
-
/usr/bin/xdg-mimexdg-mime query default x-scheme-handler/https2⤵
-
/usr/bin/dbus-senddbus-send --print-reply "--dest=org.freedesktop.DBus" /org/freedesktop/DBus org.freedesktop.DBus.GetNameOwner string:org.gnome.SessionManager3⤵
-
/usr/bin/dbus-launchdbus-launch --autolaunch 4816dd152e8c48ff97e9117d197c13d8 --binary-syntax --close-stderr4⤵
-
-
-
/usr/bin/grepgrep " = \\\"xfce4\\\"\$"3⤵
-
-
/usr/bin/xpropxprop -root _DT_SAVE_MODE3⤵
-
-
/usr/bin/grepgrep -i "^xfce_desktop_window"3⤵
-
-
/usr/bin/xpropxprop -root3⤵
-
-
/usr/bin/grepgrep -q "^Enlightenment"3⤵
-
-
/usr/bin/unameuname3⤵
-
-
-
/usr/bin/whichwhich firefox2⤵
-
-
/usr/bin/firefox/usr/bin/firefox https://e-z.bio/vojtax2⤵
-
/usr/bin/whichwhich /usr/bin/firefox3⤵
-
-
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox https://e-z.bio/vojtax2⤵
- Reads user data of web browsers
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
- Writes file to tmp directory
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr3⤵
-
-
/usr/lib/firefox/glxtest/usr/lib/firefox/glxtest -f 133⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
-
-
/usr/bin/dbus-daemon/usr/bin/dbus-daemon --syslog-only --fork --print-pid 5 --print-address 7 --session1⤵
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/bin/sedsed -n "s/\\(^[[:alnum:]+\\.-]*\\):.*\$/\\1/p"1⤵
- Reads runtime system information
-
/usr/bin/sedsed "s/:/ /g"1⤵
- Reads runtime system information
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/headhead -n 11⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /.local/share/applications/defaults.list /.local/share/applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /usr/local/share//applications/defaults.list /usr/local/share//applications/mimeinfo.cache1⤵
-
/usr/bin/cutcut -d ";" -f 11⤵
-
/usr/bin/cutcut -d "=" -f 21⤵
-
/usr/bin/headhead -n 11⤵
-
/usr/bin/grepgrep "x-scheme-handler/https=" /usr/share//applications/defaults.list /usr/share//applications/mimeinfo.cache1⤵
-
/usr/bin/sedsed "s/:/ /g"1⤵
- Reads runtime system information
-
/usr/bin/sedsed -e "s|-|/|"1⤵
- Reads runtime system information
-
/usr/bin/sedsed -e "s|-|/|"1⤵
- Reads runtime system information
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/cutcut "-d=" -f 2-1⤵
-
/usr/bin/lsb_release/usr/bin/lsb_release -idrc1⤵
-
/usr/lib/firefox/firefox/usr/lib/firefox/firefox -contentproc -parentBuildID 20240108143603 -prefsLen 20252 -prefMapSize 231436 -appDir /usr/lib/firefox/browser "{d9730a36-49e5-410f-a7c4-44c672c5f6d4}" 1570 true socket1⤵
- Changes its process name
- Reads CPU attributes
- Enumerates kernel/hardware configuration
- Reads runtime system information
-
/usr/local/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr1⤵
-
/usr/local/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr1⤵
-
/usr/sbin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr1⤵
-
/usr/bin/dbus-launchdbus-launch "--autolaunch=4816dd152e8c48ff97e9117d197c13d8" --binary-syntax --close-stderr1⤵
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
2B
MD5c4103f122d27677c9db144cae1394a66
SHA11489f923c4dca729178b3e3233458550d8dddf29
SHA25696a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
SHA5125ea71dc6d0b4f57bf39aadd07c208c35f06cd2bac5fde210397f70de11d439c62ec1cdf3183758865fd387fcea0bada2f6c37a4a17851dd1d78fefe6f204ee54
-
Filesize
1.0MB
MD5219612fc4f504322cd02489338c2a3e0
SHA1a36ffeb6cd15ca04a9f7f4371697fbd73fc097ed
SHA256bb40c9f10b0cf1b06945805f1fd0b09db03717e30c282591c96d026f3168a3ae
SHA5126241a9a0e5ffa18ae76ca20de434c06ea0f1de7f72b3b6d33a214fa9cbb9ed9e0d883fd63fd1f4a2fa71292adda23bc8d2a777be244a5d8756d9589aec8eaeb6
-
Filesize
466B
MD5bc96ab2418e7d2487c610fb1302e598c
SHA156fafa6605cf543220e1070c5919ab640812442d
SHA256ec24acf449e6f7f9f938fd9afb2cb6c6f30db50f3eb80ef6c23b966800bd0d94
SHA512b626e98a03e3930a3f454064f6068491e9ca115283b61609706efcd326a81d3dfb00b442ee3440b31a9ccf022eb27c5fe31b434f8a0564be738567a61e4dfa21
-
Filesize
163B
MD52d41a6f5736821b90ef44850dd3873fe
SHA1a47c4bc1431234a5b58e460ede5b571acd38e562
SHA256b4bf5c8334f6db20ae94105141ae7a721342ddccd94ec65289dc291e76a31814
SHA512047a1455211e7aa29ef5f32f07c89d8a0c8d86d871bc664e4d8958a2a014dbe32f0613cd9eb66e7307c0e2439f74ca0b829652a52fa48e8c60d64b41f69914eb
-
Filesize
32KB
MD5026b637578261077a90dc1d37830e6af
SHA17097e5d175331b48a876d3a7dc88a2f841013ca2
SHA256c8a9907517b566e9d0c2bbc7568c227f3f0a119cd487eadb08390a5ae440bce5
SHA51212e5b4e0ce1f6de33da8241760ccc7550cd65a18c4f9ab525bbd66c5fa4998bb4d5e24a22e4285e7030071aaab2a34bdfd10bf22950e42e83db8107b0f63ec5c
-
Filesize
96KB
MD5102a8b6e82208a1b69224bdca8a5b10f
SHA18413dc3772127c4159e6d6b51372990a06b805ee
SHA2565ebf89b32937916a76a8432832040cf0f6b99c2f006cc42f856712d403ec182c
SHA51249c5c27c6749a7a73b4b944eea64ceb053a272619e6319bfd433ffbe126c8fbccc110961018165a4c7de781a86cf38d2bd9e52ec71b10bc73c9fd05fe841a46c
-
Filesize
224KB
MD57d7141a3a76047083ff32c92469b33e5
SHA1978d39d24c028c5b10250d4556b8aa6d0eaba762
SHA256ccb329d692a32feec98bf8226d3d2f8d414f4c5f5f1672591e35fe5ea50bef02
SHA5122bdea07c87dc41c715ec7ea29faa068f70699b9f267cf0485ba6e35546c6109baf1021aaa0911c9b69e9b702a469596745191294648374d4f3ab88867b9a2cd7
-
Filesize
1KB
MD5de8555a763fdc63fdc6f62483b31ef93
SHA155405c8e6576b4a0266eaf4d07d0dfe797caae34
SHA2560dc45a5f47745c616b3d85a0a795c36d8b37bf8ca2fa609e3fae960bf97e7c06
SHA51299ff5a43fb4bb7d6d77650fca8c43d1580cdb60b9f5739aa5e66e7af622e851896c28fbcb2c995e498ae4bf4d8afdbf62be3368ee3eca8a2197f9f0d5e35cdec
-
Filesize
1KB
MD5bfa830402c399ee6e3287b92734963ae
SHA1ccd99fe53b2f79bcc041eefffc77f8e165035900
SHA2560f1c1e515ca38776c37e95e76999aee536037ac7f329a4ef85ad7f5dd0545111
SHA5123b3747b24af465e1635e2f86fc83e6968fbd642d2b97f748b570ead69408f90280383dd631c43588f3ba85c892749aa116f8c7b7cf63b2d037bf0848b1d76405
-
Filesize
776B
MD5f01838aae496d55ba4ed42160f07718b
SHA104d2fa68f27a41749734ae231f1484fc151ea533
SHA256809f9d3ce22cbdbc7353644906138fcef8fa94ff6ed270a0d20b9a7ea53bf00e
SHA51286525fc55cbff2f2d55701652ffc30d475fa3e52193b1637ee031b09b90c6e4e701ede7d48db6ca38b56279012358921c370f0d01cc9780cc817ab3be2b0a5fe
-
Filesize
96KB
MD5e1121e3dd3c8a9c384f879bdddcff219
SHA1625f25a1a5ff8527ab3105636fa7aecb9affd234
SHA256766b9f50254b4e5526b0cde2911512956262596d8937f8630805d3c70802a066
SHA51203e1cee2e75b2b609b8344a40995de09de837e940d2012f2fea65d9c70eecbcd3345b66b852f32211b38b06a4370f06f02ca7521e29e7113e2e12a6a7752be31
-
Filesize
128KB
MD52deebf49355c5a10b8d578962338186a
SHA1004e9abaf561865e420db2621fab2802b387c5ea
SHA2563b1d1947cc05cdc7fbdd8b289519e65f1b203326665247ce93b054e3a4abe679
SHA51273cd9a90d2100ff4b3dcb7abca76f09b97486011f2e1fb3bea1588f8533ed0f8e6768852afe6170f1c2a7f4d260b51e48cdb9bbcc28039aa2561fb8f3a73d48c
-
Filesize
36B
MD54044ef5722dc2287b11c5d3479c14287
SHA1ee11593ab53c634ba4211676358897c5063ca93f
SHA256fed8f9f764cc824b39b27b3d989cc1f38f4f51cf932f88d0bb6e9431cdd75070
SHA512eb6a498c8788be7ce9613df74485c96a6ff6b52d1b88bc396e177b347d5b00c3d8ff9ba1d2b2b905d46bf5139f96b1ddd093296eb2c86696bbed48ddf4645200
-
Filesize
4KB
MD5bcde68669893a50fb9cfb04287548922
SHA1a24b2381e35c18221d539bd38ea71f5bd2cdafd2
SHA256ff730b365a266f12339de84e74ba0eb1991e349f83c1056d510ec9f8ffb4a5c1
SHA5126eeaf26b26e414cbefc67590c61ce0182879426bb5af5e9ef1722f09560027086189cbbc81a9ad168706ba254df4f79c27d4e3d6f011bd8a6f669a22ff9ba122
-
Filesize
47B
MD5cfc2292484be830716f5da1cd9d46e8e
SHA1688f1b4733dd7a6b115b41fb1c0b98441e6b49b8
SHA2560acac85bbe8517634931f8ae497b3cad7112f21f3b2a868370c623fff973568b
SHA5120cbbffbd0498270d46e5904376f567fdb3d275c72a3fb6625592f6bd4d51e581a1d14577dc39d3633119e1638cc3003a4c2affac5fcb04f3dc1ba960e28f149c
-
Filesize
10B
MD56f9fa873370206c77d6ffd198a636c15
SHA1564540901a2558cc9af93d9be637c0b340715952
SHA256a314ddca61be8e158e6e6f030cd1c11757b481def28d64c5828abe7ceee5f361
SHA512f25cb361587a865f510c0f5d7f2a4b4ae6314f60808b8424d18c120fa1bcc2f4ebb63212a88a3169cd6ab37bc6fa84949e6cdd076fc8962b3d8690f3b886b5f4
-
Filesize
47B
MD57ebb7c7d24b751b6d6aaeadb7f8b07a9
SHA1e730e926252684e3a318fea4c449162bb1a9e3e8
SHA256e12a9558979907aa7589ee257bfa1c390020920e48dee4ef3532bdaa51dee8d7
SHA512faf517b55123cf5d7cce0dad34d11698628cd42ef670a6ffd9d72af3d1cad329424297aef5103944f94335f0a1d5c8f955d74eff19be9e8c4f0f8765a823d79d
-
Filesize
62B
MD5cc697be8e9f5cbda18addd4d85a7bd99
SHA19c83dbadcd495a46222ec1bbc64771c9a2cd3019
SHA2568a12829092bb47a43b6a84399feb9310e1cbf42459292336713075d889f63acb
SHA5123f3281f25ebcac7512ffd3ec4120506423327ac35d6300662f68a65ac824949f695dc528fd112120b3c1d5a0be4e9f17652cfe41b469c889210c0de8649cad43
-
Filesize
259B
MD5615b7fd597d5b4a9c145e23dd8ea88f1
SHA1bc3686ffa4050065dff118fb0ce20dad7d01396a
SHA256ae9660104bc02acf6e935a9410164468fe329804f0cf99fd50197402d572fade
SHA5121881615d00bd427fcbcb45ec1fe49e8105e0f9eb66cfcbe9a83b9fdc71dd5f64630dd6acc19809390ce488e1280365c7eb364e8a8047cb2fa09824e061ad1a2c