Analysis
max time kernel: 1s
platform: debian-9_armhf
resource: debian9-armhf-20240226-en
resource tags: arch:armhf, image:debian9-armhf-20240226-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 13/04/2024, 01:01
General
Target: 817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf
Size: 30KB
MD5: 1250f7417aa480cb7b1d7ede21ea38f1
SHA1: 849ccc7f4036b79493960168e53d7dee37c95e3c
SHA256: 817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f
SHA512: 811e8e2068ff4ff4e7f471335fac6c00ec742e9537267928aef9404eb3ebce4edb5213cc798ad89cc390c1326490ede647614104d4a0078fb671fdb4cd3ecf7d
SSDEEP: 768:frBmuobq8zCgCDIxb2sQbvUyegs3UozTk:fkbq8z7CcxbMbMVVzTk
Malware Config
Extracted
Family: mirai
Botnet: BOTNET
Signatures
Changes its process name 1 IoCs
description: Changes the process name, possibly in an attempt to hide itself
ioc: /var/Sofia
pid: 653
Process: 817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description: File opened for modification
ioc: /dev/watchdog
Process: 817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf
description: File opened for modification
ioc: /dev/misc/watchdog
Process: 817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf
Reads runtime system information 1 IoCs
Reads data from /proc virtual filesystem.
description: File opened for reading
ioc: /proc/self/exe
Process: 817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf