Analysis
max time kernel: 82s
max time network: 104s
platform: debian-12_mipsel
resource: debian12-mipsel-20240221-en
resource tags: arch:mipsel, image:debian12-mipsel-20240221-en, kernel:6.1.0-17-4kc-malta, locale:en-us, os:debian-12-mipsel, system
submitted: 11/07/2024, 02:53
Behavioral task: behavioral1
Sample: bc7059e019b293b0937222bf07c2be72d66307d45a5ff50607d27938f4ec461b.elf
Resource: debian12-mipsel-20240221-en
General
Target: bc7059e019b293b0937222bf07c2be72d66307d45a5ff50607d27938f4ec461b.elf
Size: 79KB
MD5: c131e358ee209a59566e649644577cd5
SHA1: cbf6266d8c512a593c4f13dddd9a127af89559a7
SHA256: bc7059e019b293b0937222bf07c2be72d66307d45a5ff50607d27938f4ec461b
SHA512: 5a48696b73847186e0e7ea8a3bb687bb457556ac3b96c4d60e10cdd80d226477c292f25132aaee31e38d4af4689d1de1220b7e9c3283b6fff45e5a4b40b9e58e
SSDEEP: 1536:SuSFceW8JP33UBLwYpWoPPcsVsSbBD1OVeBSqR:/SqeT3EB8M1Of
Malware Config
Signatures

Contacts a large (10476) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description  ioc  process
File opened for modification  /dev/watchdog  bc7059e019b293b0937222bf07c2be72d66307d45a5ff50607d27938f4ec461b.elf
File opened for modification  /dev/misc/watchdog  bc7059e019b293b0937222bf07c2be72d66307d45a5ff50607d27938f4ec461b.elf

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Enumerates active TCP sockets (1 TTPs, 1 IoCs)
Gets active TCP sockets from /proc virtual filesystem.
description  ioc  process
File opened for reading  /proc/net/tcp  bc7059e019b293b0937222bf07c2be72d66307d45a5ff50607d27938f4ec461b.elf

Enumerates running processes
Discovers information about currently running processes on the system.

Reads system network configuration (1 TTPs, 1 IoCs)
Uses contents of /proc filesystem to enumerate network settings.
description  ioc  process
File opened for reading  /proc/net/tcp  bc7059e019b293b0937222bf07c2be72d66307d45a5ff50607d27938f4ec461b.elf

Reads runtime system information (64 IoCs)
Reads data from /proc virtual filesystem.