General

  • Target

    na.elf

  • Size

    35KB

  • Sample

    241015-gyrb2aygka

  • MD5

    75c590da87126d6558727e6212900f36

  • SHA1

    8cd568774d4a1d0f4253c890872e08ae02adb024

  • SHA256

    c13deb9c8dde10f79603e309adef364de0710ab530bc652738a8f13f944bc9a7

  • SHA512

    e527d595e6a09063ab094c9b6d2785c92a04cd378399bc8f8b947e9f751c63b98477e76b2df726ebcf2275834d58e59b9e81998ef5e4e8dde394707be48d2dc0

  • SSDEEP

    768:AaENdtwmp8zGK1FXMMmS+qzIpz06+CMli5W7GzcPX83N:8NdtwO8zxt+H0NlcR3N

Malware Config

Targets

    • Target

      na.elf

    • OS Credential Dumping

      Adversaries may attempt to dump credentials to use them in password cracking.

    • Renames itself

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

    • Enumerates running processes

      Discovers information about currently running processes on the system.

    • Modifies init.d

      Adds/modifies system service, likely for persistence.

    • Modifies systemd

      Adds/modifies systemd service files, likely to achieve persistence.

    • Reads list of loaded kernel modules

      Reads the list of currently loaded kernel modules, possibly to detect virtual environments.
