Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

gosh/a

ubuntu-22.04-amd64

6

gosh/bash

ubuntu-22.04-amd64

1

gosh/common.js

ubuntu-22.04-amd64

3

gosh/go

ubuntu-22.04-amd64

6

gosh/pscan2

ubuntu-22.04-amd64

gosh/screen

ubuntu-22.04-amd64

gosh/ss

ubuntu-22.04-amd64

1

2013011906...gz.tar

ubuntu-22.04-amd64

.s/autorun

ubuntu-22.04-amd64

6

.s/bash

ubuntu-22.04-amd64

.s/inst

ubuntu-22.04-amd64

3

.s/m.vbs

ubuntu-22.04-amd64

.s/pico

ubuntu-22.04-amd64

.s/run

ubuntu-22.04-amd64

1

.s/start

ubuntu-22.04-amd64

1

.s/xh

ubuntu-22.04-amd64

2013020211...gz.tar

ubuntu-22.04-amd64

god/-sh

ubuntu-22.04-amd64

god/autorun

ubuntu-22.04-amd64

6

god/install

ubuntu-22.04-amd64

1

god/run

ubuntu-22.04-amd64

1

god/start

ubuntu-22.04-amd64

1

god/update

ubuntu-22.04-amd64

1

god/zmeu.vbs

ubuntu-22.04-amd64

sc/L

ubuntu-22.04-amd64

1

sc/exim

ubuntu-22.04-amd64

sc/ss

ubuntu-22.04-amd64

1

sc/x.pl

ubuntu-22.04-amd64

1

2013020211..._mysql

ubuntu-22.04-amd64

4

Resubmissions

23/07/2024, 21:32

240723-1d16aazdjk 1

23/07/2024, 21:32

240723-1dsh5ssgkh 6

23/07/2024, 21:10

240723-z1hrsasakd 1

Analysis

  • max time kernel
    0s
  • max time network
    385s
  • platform
    ubuntu-22.04_amd64
  • resource
    ubuntu2204-amd64-20240611-en
  • resource tags

    arch:amd64arch:i386image:ubuntu2204-amd64-20240611-enkernel:5.15.0-105-genericlocale:en-usos:ubuntu-22.04-amd64system
  • submitted
    23/07/2024, 21:32

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    god/autorun

  • Size

    329B

  • MD5

    11ec5904d11d0e96f4bc99360658754e

  • SHA1

    787285e62b08dd2ece9d1b5bd12ab3a46a7de372

  • SHA256

    de45559757e310e6c74dff999465d12d725d2292481d3016f00359dc62b46ac8

  • SHA512

    372f00b2cfaddfe4a911773689767b57bd32c57c0a0b1ac0af96fe093aa0333a5bcc4bbdc08df37cb3e541c7f05a1d898eae018e15963d2f8090ad1a08cdb346

Score
6/10
persistence

Malware Config

Signatures

  • Creates/modifies Cron job 1 TTPs 1 IoCs

    Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    persistence
  • Reads runtime system information 1 IoCs

    Reads data from /proc virtual filesystem.

  • Writes file to tmp directory 3 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/god/autorun
    /tmp/god/autorun
    1⤵
    • Writes file to tmp directory
    PID:1563
    • /usr/bin/cat
      cat zmeu.dir
      2⤵
        PID:1564
      • /usr/bin/crontab
        crontab zmeu.cron
        2⤵
        • Creates/modifies Cron job
        PID:1565
      • /usr/bin/grep
        grep update
        2⤵
        • Reads runtime system information
        PID:1567
      • /usr/bin/crontab
        crontab -l
        2⤵
          PID:1566
        • /usr/bin/chmod
          chmod u+x update
          2⤵
            PID:1568

        Network

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • /var/spool/cron/crontabs/tmp.ExzkhO
          Filesize

          225B

          MD5

          35036ae54356ca97c39e61d2d942d9ec

          SHA1

          b9084a8d38d1dbc3d1586bcea093c1e5f067546c

          SHA256

          74c94f979099514eb5e44ff0a2673520aa557c3aa40a3d525fd3d83f21e3285b

          SHA512

          f3c5e8726fcb274a2693da0916bd9db125e42be3e10cdf172f71922ec63292b09b807411334fe97a419d0b3018c079137d53f21b7198c4a8a203216cf6931d2f

          Download Submit