Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
155s -
platform
ubuntu-20.04_amd64 -
resource
ubuntu2004-amd64-20240221-en -
resource tags
-
submitted
14/03/2024, 02:26
General
-
Target
642211182634e9be9c048b693d757ef96f2ecd9af09b8a1365e7db9091abf28e.elf
-
Size
61KB
-
MD5
1e53b21c6961e376506bcbf321315b58
-
SHA1
c4f0d98e42a4bfa26b8bb8e03b98e12513afdba2
-
SHA256
642211182634e9be9c048b693d757ef96f2ecd9af09b8a1365e7db9091abf28e
-
SHA512
81e1d73b412eaa379c69eb698902db80f6493777d4d7d22a78fad5a1491557c35de36d9db1fd9af1f3ee184afdca3c7f58ba7269cd194642832a9a35dbaae540
-
SSDEEP
1536:dpmbSQ6U3q7cCBT/lZsK/3DiQ+LiKimfFoktCe3fYRMo:WShU3q7cEDlCK/3DG9i8Fok06fYRP
Malware Config
Signatures
-
Contacts a large (36855) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Changes its process name 1 IoCs
-
Enumerates running processes
Discovers information about currently running processes on the system
-
Reads runtime system information 64 IoCs
Reads data from /proc virtual filesystem.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/642211182634e9be9c048b693d757ef96f2ecd9af09b8a1365e7db9091abf28e.elf/tmp/642211182634e9be9c048b693d757ef96f2ecd9af09b8a1365e7db9091abf28e.elf1⤵
- Changes its process name
-
/bin/shsh -c "rm -rf bin/systemd && mkdir bin; >���bin/systemd && mv /tmp/642211182634e9be9c048b693d757ef96f2ecd9af09b8a1365e7db9091abf28e.elf bin/systemd; chmod 777 bin/systemd"2⤵
- Writes file to tmp directory
-
/usr/bin/rmrm -rf bin/systemd3⤵
-
-
/usr/bin/mkdirmkdir bin3⤵
-
-
/usr/bin/chmodchmod 777 bin/systemd3⤵
-
-