Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    1s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240226-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240226-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    13/04/2024, 01:01

General

  • Target

    817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf

  • Size

    30KB

  • MD5

    1250f7417aa480cb7b1d7ede21ea38f1

  • SHA1

    849ccc7f4036b79493960168e53d7dee37c95e3c

  • SHA256

    817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f

  • SHA512

    811e8e2068ff4ff4e7f471335fac6c00ec742e9537267928aef9404eb3ebce4edb5213cc798ad89cc390c1326490ede647614104d4a0078fb671fdb4cd3ecf7d

  • SSDEEP

    768:frBmuobq8zCgCDIxb2sQbvUyegs3UozTk:fkbq8z7CcxbMbMVVzTk

Score
10/10

Malware Config

Extracted

Family

mirai

Botnet

BOTNET

Signatures

  • Mirai

    Mirai is a prevalent Linux malware infecting exposed network devices.

  • Changes its process name 1 IoCs
  • Modifies Watchdog functionality 1 TTPs 2 IoCs

    Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

Processes

  • /tmp/817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf
    /tmp/817e4d91914f1c8acb60b74b56ca7cd786cdc6edaa82c866230bdb76487bbe6f.elf
    1⤵
    • Changes its process name
    • Modifies Watchdog functionality
    • Reads runtime system information
    PID:653

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads