Analysis
max time kernel
145s
max time network
159s
platform
debian-9_armhf
resource
debian9-armhf-20240611-en
resource tags
arch:armhf, image:debian9-armhf-20240611-en, kernel:4.9.0-13-armmp-lpae, locale:en-us, os:debian-9-armhf, system
submitted
16/01/2025, 18:32
Behavioral task
behavioral1
Sample
pecga.arm5.elf
Resource
debian9-armhf-20240611-en
4 signatures
150 seconds
General
Target
pecga.arm5.elf
Size
71KB
MD5
b50cf2aa5d51254555d95a2d3bb0260c
SHA1
8f429d3ac7fe4e7c7d8759a1b35670b1479d5482
SHA256
76902492ec92ee429c17602088f826cfefa6519c529ee948bdc621809e4f5247
SHA512
eb0062298003afb9ae14b92c37f63185ed25f18ad5260603034487c2e2594b12ab3ad8bebf4975fcc2a090d6b644eaea2cba76cad3a9c5caad30092e99fbe108
SSDEEP
1536:cBR8D6qP2t5eOD6ilbYp3WpyeGqF1v+XE5obk:cBtD6QbY2yeGgmXRb
Score
7/10
Malware Config
Signatures

Deletes itself (1 IoCs)
pid | Process
642 | pecga.arm5.elf

Modifies Watchdog functionality (1 TTPs, 2 IoCs)
Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
description | ioc | Process
File opened for modification | /dev/misc/watchdog | pecga.arm5.elf
File opened for modification | /dev/watchdog | pecga.arm5.elf

Writes file to system bin folder (2 IoCs)
description | ioc | Process
File opened for modification | /sbin/watchdog | pecga.arm5.elf
File opened for modification | /bin/watchdog | pecga.arm5.elf

Changes its process name (1 IoCs)
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | i571j6hntq5j5imt | 642 | pecga.arm5.elf