Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

7

Static

static

5

na.elf

ubuntu-24.04-amd64

7

Sharing

Copy URL
Twitter E-mail

General

  • Target

    na.elf

  • Size

    35KB

  • Sample

    241015-gyrb2aygka

  • MD5

    75c590da87126d6558727e6212900f36

  • SHA1

    8cd568774d4a1d0f4253c890872e08ae02adb024

  • SHA256

    c13deb9c8dde10f79603e309adef364de0710ab530bc652738a8f13f944bc9a7

  • SHA512

    e527d595e6a09063ab094c9b6d2785c92a04cd378399bc8f8b947e9f751c63b98477e76b2df726ebcf2275834d58e59b9e81998ef5e4e8dde394707be48d2dc0

  • SSDEEP

    768:AaENdtwmp8zGK1FXMMmS+qzIpz06+CMli5W7GzcPX83N:8NdtwO8zxt+H0NlcR3N

Score
7/10
credential_accessdiscoveryevasionexecutionlinuxpersistenceprivilege_escalatioprivilege_escalationupx

Malware Config

Targets

    • Target

      na.elf

    • Size

      35KB

    • MD5

      75c590da87126d6558727e6212900f36

    • SHA1

      8cd568774d4a1d0f4253c890872e08ae02adb024

    • SHA256

      c13deb9c8dde10f79603e309adef364de0710ab530bc652738a8f13f944bc9a7

    • SHA512

      e527d595e6a09063ab094c9b6d2785c92a04cd378399bc8f8b947e9f751c63b98477e76b2df726ebcf2275834d58e59b9e81998ef5e4e8dde394707be48d2dc0

    • SSDEEP

      768:AaENdtwmp8zGK1FXMMmS+qzIpz06+CMli5W7GzcPX83N:8NdtwO8zxt+H0NlcR3N

    Score
    7/10
    credential_accessdiscoveryevasionexecutionpersistenceprivilege_escalatioprivilege_escalation

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use it in password cracking.

      credential_access

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      executionpersistenceprivilege_escalatio

    • Enumerates running processes

      Discovers information about currently running processes on the system

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

      persistence

    • Modifies systemd

      Adds/ modifies systemd service files. Likely to achieve persistence.

      persistenceprivilege_escalation

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.

      evasion
    behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Persistence

Boot or Logon Autostart Execution

2
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

1
T1037

RC Scripts

1
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Privilege Escalation

Boot or Logon Autostart Execution

2
T1547

XDG Autostart Entries

1
T1547.013

Boot or Logon Initialization Scripts

1
T1037

RC Scripts

1
T1037.004

Create or Modify System Process

1
T1543

Systemd Service

1
T1543.002

Scheduled Task/Job

1
T1053

Cron

1
T1053.003

Defense Evasion

Virtualization/Sandbox Evasion

1
T1497

Credential Access

OS Credential Dumping

1
T1003

/etc/passwd and /etc/shadow

1
T1003.008

Discovery

Virtualization/Sandbox Evasion

1
T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks