General

  • Target

    1c2de2706da97d7858f14fb36404339a.elf

  • Size

    199KB

  • Sample

    240408-yvdp7sae56

  • MD5

    1c2de2706da97d7858f14fb36404339a

  • SHA1

    45b0a7d60cbe1b9051a61c4a7534a6768943a45e

  • SHA256

    52b6f31e6f2da1b3aa257863b16182d3c6b7e72460579aebce70ded6126ce686

  • SHA512

    bda3074fa565f8885c4647df063c8d9f5106a50cd3a0d362d3c241eec6c3c187a667b262d7a97ea25aca5a3871208ff228d999577e61df59d4ca437b1330d892

  • SSDEEP

    3072:ooIR900aTESn9teFTmlaIRyOHDDTlPWDyaejZh:oowVSeFTm3rDDTlPWDyaejZh

Score
10/10

Targets

    • Target

      1c2de2706da97d7858f14fb36404339a.elf

    Score
    9/10

    • Contacts a large number (65892) of remote hosts

      This may indicate a network scan to discover remotely running services.

    • Creates a large number of network flows

      This may indicate a network scan to discover remotely running services.

    • Changes its process name

    • Modifies Watchdog functionality

      Malware like Mirai modifies the Watchdog to prevent it from restarting an infected system.

    • Reads system routing table

      Gets active network interfaces from /proc virtual filesystem.
