Analysis
max time kernel: 99s
max time network: 153s
platform: debian-9_armhf
resource: debian9-armhf-20240611-en
resource tags: arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted: 15/01/2025, 02:59
Behavioral task: behavioral1
Sample: 8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf
Resource: debian9-armhf-20240611-en
General
Target: 8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf
Size: 51KB
MD5: 8c66a273b7dbce2d3068cb6e41531f65
SHA1: 34969d7168d3935f0116eb37a55991306aec895f
SHA256: 8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92
SHA512: f3b31736a28d242d19cacd42e3c16f040c8c3793c40572c9fbaae844b8ae974c9c4ffe779234f3e71e4be360422ad7c9719d0855fe6030c017345b81907dcfff
SSDEEP: 768:j0QDd8eakzD4lR+YOANqN+QUV0Fji9qooxn5ZkHPLSxMPh6I/5/NPsB2gGVzJ:Vd5atOAN9RV0FW9qN5Zkvm69KBIt
Malware Config
Signatures
Contacts a large (106190) amount of remote hosts (1 TTPs)
This may indicate a network scan to discover remotely running services.

Creates a large amount of network flows (1 TTPs)
This may indicate a network scan to discover remotely running services.

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.

| description | ioc | Process |
|---|---|---|
| File opened for modification | /dev/watchdog | 8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf |
| File opened for modification | /dev/misc/watchdog | 8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf |

Changes its process name (1 IoCs)

| description | ioc | pid | Process |
|---|---|---|---|
| Changes the process name, possibly in an attempt to hide itself | /var/Sofia | 650 | 8eedeeb60f1f05cb6143fedac89b2a8501bf64f57b24bf6ab031df89760d7f92.elf |