Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    0s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    05/04/2024, 01:46

General

  • Target

    d27f0e39ea9ee3e8fc5045b59ac370ff2fb0a5a4b6c70c23bb3a788993359371.elf

  • Size

    50KB

  • MD5

    17b89e5957964c341369f0ff4bd9659e

  • SHA1

    5dabc4b72aa6e7c4981c4f341522e411ffac77c3

  • SHA256

    d27f0e39ea9ee3e8fc5045b59ac370ff2fb0a5a4b6c70c23bb3a788993359371

  • SHA512

    5a26b20e9e17f5ea9e63e123a12b1482317ebbdbf6d43eebef71326133b32fbed21d8f67ce92d1fa5a427d1632f45bc62b4ee51ea7529b1104c1b86bd62462c6

  • SSDEEP

    768:wDCn6ukPwUNlUTsLmLd9YiKdS2T2ZmKDSwRKq5K/nLe9q3UELp+AIo6EtIhjaKXR:wOnkwYMsIYXdRawKDSwRKq0nLDLIAD0D

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/d27f0e39ea9ee3e8fc5045b59ac370ff2fb0a5a4b6c70c23bb3a788993359371.elf
    /tmp/d27f0e39ea9ee3e8fc5045b59ac370ff2fb0a5a4b6c70c23bb3a788993359371.elf
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    • Reads runtime system information
    PID:654

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads