Analysis
max time kernel: 5s
platform: debian-9_mips
resource: debian9-mipsbe-20240226-en
resource tags: arch:mips, image:debian9-mipsbe-20240226-en, kernel:4.9.0-13-4kc-malta, locale:en-us, os:debian-9-mips, system
submitted: 11/04/2024, 23:25
General
Target: SecuriteInfo.com.Linux.Siggen.9999.4639.7301.elf
Size: 42KB
MD5: adc9235b08af597bdbe07f1efbfd0fff
SHA1: 42d2b5084de12d3fc44fad931caafa9979d2cdf5
SHA256: 64a3448a84f5d1b31fc35d5dcddeccc0445da443ec1309334b0c72ad1d784b54
SHA512: 3e96cef52d6c35f49c061009b8cf57ba7fc7cee32693edb252dfbff6e39a2785ee7f140b8b0063c2e54e1e5c433289b1633d1c196f9e695ee9a06b58c2968892
SSDEEP: 768:J2B3TJpXt+Qn7yVcNsAbbe7qJRhYQJ5O6cGYAxWhoxmJgGlzDpbuR1J2YIZwmFOV:wdTHt+QkcN7btRhYYODAx2oxSVJu8YIM
Malware Config
Extracted
Family: mirai
Botnet: BOTNET
Signatures
Changes its process name (1 IoCs)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /var/Sofia | 702 | SecuriteInfo.com.Linux.Siggen.9999.4639.7301.elf
Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/watchdog | SecuriteInfo.com.Linux.Siggen.9999.4639.7301.elf
File opened for modification | /dev/misc/watchdog | SecuriteInfo.com.Linux.Siggen.9999.4639.7301.elf
Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description | ioc | Process
File opened for reading | /proc/net/tcp | SecuriteInfo.com.Linux.Siggen.9999.4639.7301.elf
Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description | ioc | Process
File opened for reading | /proc/net/tcp | SecuriteInfo.com.Linux.Siggen.9999.4639.7301.elf