Analysis
- max time kernel: 101s
- max time network: 150s
- platform: ubuntu-22.04_amd64
- resource: ubuntu2204-amd64-20240611-en
- resource tags: arch:amd64, arch:i386, image:ubuntu2204-amd64-20240611-en, kernel:5.15.0-105-generic, locale:en-us, os:ubuntu-22.04-amd64, system
- submitted: 11/12/2024, 23:51
Behavioral task: behavioral1
- Sample: jew.x86.elf
- Resource: ubuntu2204-amd64-20240611-en
General
- Target: jew.x86.elf
- Size: 60KB
- MD5: 0c9d13b8a66a0d51a37ad36c0a4f85e2
- SHA1: 869b064cdcb70310b9af9fa25bc92c4a0430af13
- SHA256: 6cae9625ea917a34f39d33cc7372ee7d261a29beb7a6a242b2bae7bf3f6c8401
- SHA512: 128da26297725cb918e49fab03b42fdab6c1b8e6c31610eafb86ed056e074b98af33ce0a11a881ae52ba32ffd3e7436c955467716c0e71ce46cc1921a582176b
- SSDEEP: 768:JjiwQ4KFW+Ny+8GbGN1hLZYRMLxJtWOboPLZhgtp7Cya3slMqWvjW:Ey+NH8x7huxObchgTNJWrW
Malware Config
Signatures
- Contacts a large (115796) amount of remote hosts (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Creates a large amount of network flows (1 TTPs)
  This may indicate a network scan to discover remotely running services.
- Modifies Watchdog functionality (1 TTPs, 2 IoCs)
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
  description | ioc | Process
  File opened for modification | /dev/watchdog | jew.x86.elf
  File opened for modification | /dev/misc/watchdog | jew.x86.elf
- Writes file to system bin folder (2 IoCs)
  description | ioc | Process
  File opened for modification | /bin/watchdog | jew.x86.elf
  File opened for modification | /sbin/watchdog | jew.x86.elf
- Changes its process name (1 IoCs)
  description | pid | Process
  Changes the process name, possibly in an attempt to hide itself | 1573 | jew.x86.elf