Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
149s -
max time network
153s -
platform
debian-9_armhf -
resource
debian9-armhf-20240611-en -
resource tags
arch:armhfimage:debian9-armhf-20240611-enkernel:4.9.0-13-armmp-lpaelocale:en-usos:debian-9-armhfsystem -
submitted
15/12/2024, 10:01
Behavioral task
behavioral1
Sample
main_arm5.elf
Resource
debian9-armhf-20240611-en
4 signatures
150 seconds
General
-
Target
main_arm5.elf
-
Size
126KB
-
MD5
8f99f61919a763c19d1292d2d45ded57
-
SHA1
ba825f4337350803cab52150e50126fdbdf71fbc
-
SHA256
cc3245a40fdd163c1485c15970d0d7e21164df7d4076201db4312a346f3c8468
-
SHA512
3e21f121d5f5e793446e539689cc21eb5f0d77db9db5f2f08f76c76b0efc23df238f1d54fc054fa789b98a268e8974d7f1558d32159a63752c00667962161d6e
-
SSDEEP
1536:p3Ka0rG5yC/cMChygtxOBdWFAcJX4VlgXTAjcFAaUGxrf851WhXVVlnKwywEReQe:5KaprMh7XOXWFh4UXwcFAa5xovW5kKo
Score
7/10
Malware Config
Signatures
-
Deletes itself 1 IoCs
pid Process 666 main_arm5.elf -
Traces itself 2 IoCs
Traces itself to prevent debugging attempts
pid Process 666 main_arm5.elf 667 main_arm5.elf -
Changes its process name 1 IoCs
description ioc pid Process Changes the process name, possibly in an attempt to hide itself httpd 666 main_arm5.elf -
Writes file to tmp directory 1 IoCs
Malware often drops required files in the /tmp directory.
description ioc Process File opened for modification /tmp/main_arm5.elf main_arm5.elf