Analysis
max time kernel: 0s
platform: debian-9_armhf
resource: debian9-armhf-20240226-en
resource tags: arch:armhf image:debian9-armhf-20240226-en kernel:4.9.0-13-armmp-lpae locale:en-us os:debian-9-armhf system
submitted: 11/04/2024, 21:46
General
Target: 737835c6776b10964562bcdd6ee04391.elf
Size: 50KB
MD5: 737835c6776b10964562bcdd6ee04391
SHA1: 6d936490f46eed7b58407ffdabf42fbd9ab1f338
SHA256: 5c1b326eded450c6f0b7a3f3fa56da97835f7bbb52cec2602e58491b6ee1927a
SHA512: 5d10f87eef05d603cf59392961f72024a515360dc9f69811b4744ecd722183f8f6e96054c56a1b64772b4ae7f727409efa7ef5db5cd15a8abfb110c05e9d43ef
SSDEEP: 1536:2lpABKkhUpfaypfOataVm4v3s58nLhg8BKAlw6:2rkhUhaypftaVH3jnLhUAb
Malware Config
Extracted
Family: mirai
Botnet: BOTNET
Signatures
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: /var/Sofia
pid: 638
Process: 737835c6776b10964562bcdd6ee04391.elf
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description: File opened for modification
ioc: /dev/watchdog
Process: 737835c6776b10964562bcdd6ee04391.elf

description: File opened for modification
ioc: /dev/misc/watchdog
Process: 737835c6776b10964562bcdd6ee04391.elf
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
description: File opened for reading
ioc: /proc/self/exe
Process: 737835c6776b10964562bcdd6ee04391.elf