Analysis
  max time kernel:  141s
  max time network: 141s
  platform:         ubuntu-20.04_amd64
  resource:         ubuntu2004-amd64-20240611-en
  resource tags:    arch:amd64, arch:i386, image:ubuntu2004-amd64-20240611-en, kernel:5.4.0-169-generic, locale:en-us, os:ubuntu-20.04-amd64, system
  submitted:        30/08/2024, 17:56
Static task: static1

Behavioral task: behavioral1
  Sample:   update
  Resource: ubuntu1804-amd64-20240611-en

Behavioral task: behavioral2
  Sample:   update
  Resource: ubuntu2004-amd64-20240611-en

Behavioral task: behavioral3
  Sample:   update
  Resource: ubuntu2204-amd64-20240729-en
General
  Target: update
  Size:   6.8MB
  MD5:    3a0f42a9d7e2c201171a7b95d0cda37e
  SHA1:   c51aecf6b08957c4bc090c64952789f0836578bd
  SHA256: 90adac72b6038472083e3e2ff8ab8a41eb624c5dc5b0dce58653d94d6c8b4da9
  SHA512: 647d7f0ca0b6104e9c4e84b25f3e9db5b6055730ddff2dddcb7b57c1fcc6f309c52587119c54890884315cda52a55813bf9344011fa3292b7fd84fe41d7ee87e
  SSDEEP: 49152:3Hse9N5/ayL0S2Sw10GDeVYjCDeQ0h+VCM8vzG+6X05cUJCS5DrEMDrE6yoXWw4H:3HbYem+6hM8vzQ48SJrE2IUKjg
Malware Config
Signatures

Checks mountinfo of local process (1 TTPs, 1 IoCs)
  Checks the mountinfo of running processes, which indicates whether the process is running in a chroot jail.
  description              ioc                 Process
  File opened for reading  /proc/1/mountinfo   update

Reads hardware information (1 TTPs, 1 IoCs)
  Accesses system information such as serial numbers and manufacturer names.
  description              ioc                              Process
  File opened for reading  /sys/class/dmi/id/product_uuid   update

Reads list of loaded kernel modules (1 TTPs, 1 IoCs)
  Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
  description              ioc             Process
  File opened for reading  /proc/modules   update

Checks CPU configuration (1 TTPs, 1 IoCs)
  Checks CPU information that indicates whether the system is a virtual machine.
  description              ioc             Process
  File opened for reading  /proc/cpuinfo   update

Enumerates kernel/hardware configuration (1 TTPs, 1 IoCs)
  Reads the contents of the /sys virtual filesystem to enumerate system information.
  description              ioc                                                Process
  File opened for reading  /sys/kernel/mm/transparent_hugepage/hpage_pmd_size   update

Reads runtime system information (9 IoCs)
  Reads data from the /proc virtual filesystem.
  description              ioc                       Process
  File opened for reading  /proc/self/maps           update
  File opened for reading  /proc/filesystems         update
  File opened for reading  /proc/1/stat              update
  File opened for reading  /proc/1/comm              update
  File opened for reading  /proc/self/cgroup         update
  File opened for reading  /proc/stat                update
  File opened for reading  /proc/bus/pci/devices     update
  File opened for reading  /proc/self/status         update
  File opened for reading  /proc/1/environ           update

Writes file to shm directory (1 IoCs)
  Malware can drop malicious files in the shm directory, where they run directly from RAM.
  description                   ioc                   Process
  File opened for modification  /dev/shm/.shmTojAvR   update
Processes
Network
MITRE ATT&CK Enterprise v15
Downloads
  Filesize: 7.8MB
  MD5:      0cc445a80a3a1156192fc079d575428f
  SHA1:     8a403a154a5835296cf812cdbbab50c445e9758d
  SHA256:   20f09959706797b81b2a4de627c01d0c0d890d142954d455a0e50f7811bdc951
  SHA512:   1eb6cce112630cc62379bacad791c41b383fa318a90ffeef40419d1029d444fa1a7763908926e909b1fc1c52822511ba155ff3ab23c9f362bdb68670fbf3c4d0