Analysis

  • max time kernel
    130s
  • max time network
    149s
  • platform
    ubuntu-24.04_amd64
  • resource
    ubuntu2404-amd64-20240523-en
  • resource tags
    arch:amd64, arch:i386, image:ubuntu2404-amd64-20240523-en, kernel:6.8.0-31-generic, locale:en-us, os:ubuntu-24.04-amd64, system
  • submitted
    24/12/2024, 12:01 UTC

General

  • Target

    zmap.x86.elf

  • Size

    61KB

  • MD5

    7779c9056b747f05d9d0b5033f58080f

  • SHA1

    adbd9c8299eb02f34460587ade84e13c8afaf732

  • SHA256

    4bc210de5a0d0660b3f36c21486b94fbc2d447c4306824b4e6b95349023d7510

  • SHA512

    5ef8d9bc2187a8ffecdb2a346f35da9d1a93de779ee8d4c8e65a4c144ae97649de3d55e2515efc437f1c6a6b4afd8cd92879287c806fb1f2681fca01637d30df

  • SSDEEP

    1536:1BGfyT5OGMMt4cesUTeFIv5TzHhq6g80CIjOepn2+:1caT5OGMMtmaATzBq6p07KanL

Score
7/10

Malware Config

Signatures

  • Loads a kernel module 1 IoCs

    Loads a Linux kernel module, potentially to achieve persistence

  • Writes file to tmp directory 1 IoCs

    Malware often drops required files in the /tmp directory.

Processes

  • /tmp/zmap.x86.elf
    Command line: /tmp/zmap.x86.elf
    PID: 2821
    • Loads a kernel module
    • Writes file to tmp directory

Network

  • DNS lookup via 8.8.8.8:53
    Request: srvy.vlrt-gap.com IN A
    Response: srvy.vlrt-gap.com IN A 185.196.8.105
  • 185.196.8.105:59962 (srvy.vlrt-gap.com)
    903 B sent, 742 B received; 17 packets sent, 14 received
  • 224.0.0.251:5353 (mDNS multicast)
    146 B sent; 2 packets sent
  • 8.8.8.8:53 (srvy.vlrt-gap.com), dns
    63 B sent, 79 B received; 1 packet sent, 1 received

MITRE ATT&CK Matrix