General
- Target: 2.sh
- Size: 18KB
- Sample: 240909-vhqbpa1frf
- MD5: 77e3046e6271f2871ed34497a06ce770
- SHA1: b0a6bd77c3371ff4be33ba5070aa486204853b0b
- SHA256: cda6a3a92d746c0be30c1809c15b2f5e344b724dcecbda7729234a798fb5218b
- SHA512: 49072c85b82cd494a7fa55172bc4f012b4f63e096d075cd8ec15aa8f037443408ce516e885f1c54cf65ee617a807adaf2634d3508017a790be40012ba819c7b5
- SSDEEP: 192:7jQ04oGAuVvZ7U3voFUzcF1pNbHqbbA8g5ugdjqDWThOAaI1cnUeGy3K1ywOK:7jpmVCYUw3MbA5WS09QuUeGyJTK
Static task
- static1
Behavioral task behavioral1
- Sample: 2.sh
- Resource: ubuntu1804-amd64-20240508-en
Behavioral task behavioral2
- Sample: 2.sh
- Resource: debian9-armhf-20240418-en
Behavioral task behavioral3
- Sample: 2.sh
- Resource: debian9-mipsbe-20240729-en
Behavioral task behavioral4
- Sample: 2.sh
- Resource: debian9-mipsel-20240226-en
Malware Config
Targets
- Target: 2.sh
- Size: 18KB
- MD5: 77e3046e6271f2871ed34497a06ce770
- SHA1: b0a6bd77c3371ff4be33ba5070aa486204853b0b
- SHA256: cda6a3a92d746c0be30c1809c15b2f5e344b724dcecbda7729234a798fb5218b
- SHA512: 49072c85b82cd494a7fa55172bc4f012b4f63e096d075cd8ec15aa8f037443408ce516e885f1c54cf65ee617a807adaf2634d3508017a790be40012ba819c7b5
- SSDEEP: 192:7jQ04oGAuVvZ7U3voFUzcF1pNbHqbbA8g5ugdjqDWThOAaI1cnUeGy3K1ywOK:7jpmVCYUw3MbA5WS09QuUeGyJTK
- Modifies the dynamic linker configuration file
  Malware can modify the configuration file of the dynamic linker to preload malicious libraries into every executed process.
- File and Directory Permissions Modification
  Adversaries may modify file or directory permissions to evade defenses.
- Flushes firewall rules
  Flushes/disables firewall rules inside the Linux kernel.
- Attempts to change immutable files
  Modifies inode attributes on the filesystem to allow changing of immutable files.
- Creates/modifies Cron job
  Cron allows running tasks on a schedule, and is commonly used for malware persistence.
- Creates/modifies environment variables
  Creating/modifying environment variables is a common persistence mechanism.
- Disables SELinux
  Disables the SELinux security module.
- Enumerates running processes
  Discovers information about currently running processes on the system.
- Modifies systemd
  Adds/modifies systemd service files, likely to achieve persistence.
- Writes file to system bin folder
- Modifies Bash startup script
MITRE ATT&CK Enterprise v15 (count of matching signatures in parentheses)
Persistence
- Boot or Logon Autostart Execution (4)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (2)
  - Dynamic Linker Hijacking (1)
  - Path Interception by PATH Environment Variable (1)
- Scheduled Task/Job (1)
  - Cron (1)
Privilege Escalation
- Boot or Logon Autostart Execution (4)
  - XDG Autostart Entries (1)
- Boot or Logon Initialization Scripts (2)
  - RC Scripts (2)
- Create or Modify System Process (1)
  - Systemd Service (1)
- Event Triggered Execution (1)
  - Unix Shell Configuration Modification (1)
- Hijack Execution Flow (2)
  - Dynamic Linker Hijacking (1)
  - Path Interception by PATH Environment Variable (1)
- Scheduled Task/Job (1)
  - Cron (1)
Defense Evasion
- Deobfuscate/Decode Files or Information (1)
- File and Directory Permissions Modification (1)
  - Linux and Mac File and Directory Permissions Modification (1)
- Hijack Execution Flow (2)
  - Dynamic Linker Hijacking (1)
  - Path Interception by PATH Environment Variable (1)