General
Target: na.elf
Size: 35KB
Sample: 241015-gyrb2aygka
MD5: 75c590da87126d6558727e6212900f36
SHA1: 8cd568774d4a1d0f4253c890872e08ae02adb024
SHA256: c13deb9c8dde10f79603e309adef364de0710ab530bc652738a8f13f944bc9a7
SHA512: e527d595e6a09063ab094c9b6d2785c92a04cd378399bc8f8b947e9f751c63b98477e76b2df726ebcf2275834d58e59b9e81998ef5e4e8dde394707be48d2dc0
SSDEEP: 768:AaENdtwmp8zGK1FXMMmS+qzIpz06+CMli5W7GzcPX83N:8NdtwO8zxt+H0NlcR3N
Behavioral task: behavioral1
Sample: na.elf
Resource: ubuntu2404-amd64-20240523-en
Malware Config
Targets
-
OS Credential Dumping
Adversaries may attempt to dump credentials to use them in password cracking.
-
Renames itself
-
Creates/modifies Cron job
Cron allows running tasks on a schedule, and is commonly used for malware persistence.
-
Enumerates running processes
Discovers information about currently running processes on the system.
-
Modifies systemd
Adds/modifies systemd service files, likely to achieve persistence.
-
Reads list of loaded kernel modules
Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution: 2
  XDG Autostart Entries: 1
Boot or Logon Initialization Scripts: 1
  RC Scripts: 1
Create or Modify System Process: 1
  Systemd Service: 1
Scheduled Task/Job: 1
  Cron: 1