Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

8IR4B_bins.sh

ubuntu-18.04-amd64

3

8IR4B_bins.sh

debian-9-armhf

4

8IR4B_bins.sh

debian-9-mips

10

8IR4B_bins.sh

debian-9-mipsel

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8IR4B_bins.sh

  • Size

    10KB

  • Sample

    250104-yz9y7svqaw

  • MD5

    942d94d9683731e7c0e80fb1184455c6

  • SHA1

    bcb4bc2b172dd258e1864c02f6e19b3a35b0d610

  • SHA256

    67e889a87756f6c3c9efbbe222582538a388eb437b8b98840566a49576b776d8

  • SHA512

    58c5eb1e3024d4d713047c5b02ace9a829c3161d260ca04e126f21e93e40fb990dbc3fd0b4235210b994411f852fac2dffe07daac1ab029f7b62f8c087fec9d0

  • SSDEEP

    96:Y/T/v/UJJFSqhLzP4LRJLfh1hVhWxt3UDfUjgjcjf8cpaSzTv1koCLHbIi6loooE:nY1b7Wxt3uTJlEn3ncb7WxtiJlEn3Z

Score
10/10
xorbotantivmbotnetdefense_evasiondiscoveryexecutionlinuxpersistenceprivilege_escalatiotrojan

Malware Config

Targets

    • Target

      8IR4B_bins.sh

    • Size

      10KB

    • MD5

      942d94d9683731e7c0e80fb1184455c6

    • SHA1

      bcb4bc2b172dd258e1864c02f6e19b3a35b0d610

    • SHA256

      67e889a87756f6c3c9efbbe222582538a388eb437b8b98840566a49576b776d8

    • SHA512

      58c5eb1e3024d4d713047c5b02ace9a829c3161d260ca04e126f21e93e40fb990dbc3fd0b4235210b994411f852fac2dffe07daac1ab029f7b62f8c087fec9d0

    • SSDEEP

      96:Y/T/v/UJJFSqhLzP4LRJLfh1hVhWxt3UDfUjgjcjf8cpaSzTv1koCLHbIi6loooE:nY1b7Wxt3uTJlEn3ncb7WxtiJlEn3Z

    Score
    10/10
    discoveryantivmxorbotbotnetdefense_evasionexecutionpersistenceprivilege_escalatiotrojan

    • Detects Xorbot

      botnettrojan

    • Xorbot

      Xorbot is a linux botnet and trojan targeting IoT devices.

      botnettrojanxorbot

    • Xorbot family

      xorbot

    • Contacts a large (800) amount of remote hosts

      This may indicate a network scan to discover remotely running services.

      discovery

    • File and Directory Permissions Modification

      Adversaries may modify file or directory permissions to evade defenses.

      defense_evasion

    • Executes dropped EXE

    • Renames itself

    • Creates a large amount of network flows

      This may indicate a network scan to discover remotely running services.

      discovery

    • Creates/modifies Cron job

      Cron allows running tasks on a schedule, and is commonly used for malware persistence.

      executionpersistenceprivilege_escalatio

    • Enumerates running processes

      Discovers information about currently running processes on the system

    behavioral1behavioral2behavioral3behavioral4

MITRE ATT&CK Enterprise v15

Tasks

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.